Reference:
Advisory #2023-17
Version:
1.0
Affected software:
iOS version 16.3.1
iPadOS 16.3.1
macOS Ventura 13.2.1
Safari 16.3.1
Type:
Remote code execution (RCE)
CVE/CVSS:
CVE-2023-23529 CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-23514 CVSS N/A (CVSS:3.1 N/A)
https://support.apple.com/en-gb/HT213638
https://support.apple.com/en-us/HT213635
https://support.apple.com/en-us/HT213633
https://support.apple.com/en-us/HT213638
On the 13th of February, Apple released security updates for iOS, iPadOS, macOS, and Safari to address CVE-2023-23529, a zero-day flaw reported as actively exploited in the wild. The vulnerability can culminate in arbitrary code execution.
A successful attack has a high impact on all three vertices of the CIA triad: confidentiality, integrity, and availability.
Mobile phones are an interesting target for threat actors, especially for espionage campaigns.
The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. Organisations should investigate if they suspect an intrusion attempt.
If your organization has already identified an intrusion or incident, please report it via: https://ccb.belgium.be/cert/report-incident
CVE-2023-23529 is a type-confusion issue in the WebKit browser engine. It can be triggered when WebKit processes maliciously crafted web content, so an attacker who gets the targeted user to visit a malicious website can achieve arbitrary code execution on a vulnerable device.
The iOS and iPadOS update also contains a fix for CVE-2023-23514, a use-after-free issue in the kernel, which could allow a malicious application to execute arbitrary code with kernel privileges. The vulnerability is now actively exploited to install malware.
Apple addressed the vulnerabilities with improved checks and improved memory management.
Affected products:
The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:
https://www.securityweek.com/apple-patches-actively-exploited-webkit-zero-day-vulnerability/
https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html