CVE-2023-41992: This is a kernel-level privilege escalation hole that was fixed "with improved checks." This can be abused by rogue applications and users to gain the necessary privileges to take full control of a device.CVE-2023-41991: According to Apple, "a malicious app may be able to bypass signature validation," and was fixed by correcting "a certificate validation issue.".We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |