Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Mobile Security

New iOS and iPadOS update pushed to fix zero-day bugs

The zero-day bug has been patched after being seen used in the wild by cybercrime groups

Kyle by Kyle
February 17, 2023 - Updated on February 19, 2023
in Mobile Security
0
apple ios ipados zero day update
14
SHARES
249
VIEWS
Share on FacebookShare on Twitter

Cybercriminals and “commercial” spyware developers frequently target iOS devices to carry out surveillance operations, data theft, and other nefarious actions. By identifying a weakness in Apple’s iOS WebKit, hackers can take advantage of security flaws like the one that Apple has fixed in their most recent version of the iPhone and iPad operating systems.

You might also like

Android is getting firmware level security improvements

Are Bluetooth signals being used to track smartphones?

How Apple Stopped $1.5 billion Worth of Fraudulent Transactions in 2021

Apple has released a patched version of iOS and iPadOS that addresses a couple of severe security flaws. One of the vulnerabilities is already being exploited by unknown cybercriminals in the wild. The flaw may be part of well-known cybercrime services sold to some of the world’s most dangerous organizations and foreign states, based on the individuals Apple has thanked for the release of these zero-days.

Information about the two fixed bugs is included in the release notes of both iOS 16.3.1 and iPadOS 16.3.1. The first vulnerability, CVE-2023-23514, is described as a “use after free issue” addressed with improved memory management. A malicious app designed to exploit the bug could execute arbitrary code with kernel-level privileges.

The second vulnerability, known as CVE-2023-23529, is the most dangerous one. It is described as a “type confusion issue” in the WebKit browser engine that could be used to create a malicious web page for executing arbitrary code. Apple said it is aware that the issue may have already been actively exploited, which suggests that security researchers informed the company that the zero-day vulnerability is already being used in a malicious campaigns targeting iPhone and iPad users.

Apple thanked Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero, and an anonymous researcher for discovering the two vulnerabilities. Apple also acknowledged the help they received from The Citizen Lab at The University of Toronto’s Munk School in addressing the flaws.

ios 16 security zero day patched

The Citizen Lab group is well known for its research work on dangerous hacking tools created by the NSO Group and sold to government agencies and police forces worldwide. The Israeli company is infamous for creating Pegasus, multi-platform spyware software designed to exploit zero-day flaws such as CVE-2023-23529 for smartphone-based surveillance operations.

According to several reports, Pegasus has been used to target human rights activists and journalists, carry out state espionage in Pakistan, and conduct domestic surveillance against Israeli citizens. It also played a role in the murder of Jamal Khashoggi by agents of the Saudi government.

Given the involvement of Pegasus hunters at Citizen Lab and Apple’s current silence on the issue, CVE-2023-23529 could be yet another weapon discovered in the powerful arsenal of commercial spyware and surveillance tools routinely used to target dissidents around the world.

Tags: IOSiPadOSzero day
Share6Tweet4
Kyle

Kyle

Co-owner, writer, and editor at ZeroSecurity. Security, Blockchain, and SEO enthusiast. "Formal education will make you a living; self-education will make you a fortune."

Recommended For You

Android is getting firmware level security improvements

by Paul Anderson
February 22, 2023
0
Android is getting firmware level security improvements

Android is the most widely used mobile operating system in the world, but it is also the most challenging to protect against evolving security threats. Google is working...

Read more

Are Bluetooth signals being used to track smartphones?

by Christi Rogalski
June 17, 2022
0
Bluetooth research leads to tracking

Can Bluetooth signals be used to track smartphones? Many people would say "No" to this question. However, a team of engineers at the University of California San Diego...

Read more

How Apple Stopped $1.5 billion Worth of Fraudulent Transactions in 2021

by Christi Rogalski
June 8, 2022
0
Apple app store security fraud

Apple has recently released statistics on the number of fraudulent and untrustworthy transactions that have passed through the Apple App Store in 2021. In combination, they have stopped...

Read more

SharkBot – A New Generation Android Banking Trojan

by Kyle
May 27, 2022 - Updated on May 31, 2022
0
SharkBot Android Banking Malware

SharkBot is a "newer" Android banking trojan found recently being distributed on the Google Play Store. The trojan was originally found in October of 2021 by the Cleafy...

Read more

Silent OS 3.0 for Blackphone Completely revamped

by Paul Anderson
July 24, 2016 - Updated on May 17, 2022
1
Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch level to June 2016. Along with fixes for security vulnerabilities, Silent OS 3.0...

Read more
Next Post
Android is getting firmware level security improvements

Android is getting firmware level security improvements

Related News

BreachForums Owner Arrested and Charged

BreachForums Owner Arrested and Charged

March 17, 2023
ChipMixer platform tied to crypto laundering scheme – seized by authorities

ChipMixer platform tied to crypto laundering scheme – seized by authorities

March 17, 2023
NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.