WARNING: New actively exploited zero-day vulnerability affecting all Apple products

Published: 25/07/2023

Reference:
Advisory #2023-86

Version:
1.0

Affected software:
iOS 15.7.8 and iPadOS 15.7.8
iOS 16.6 and iPadOS 16.6
macOS Big Sur 11.7.9
macOS Monterey 12.6.8
macOS Ventura 13.5
Safari 16.6
tvOS 16.6
watchOS 9.6

Type:
Modification of sensitive kernel state

CVE/CVSS:
CVE-2023-38606

Sources

https://support.apple.com/it-it/HT213841   

Risks

This vulnerability impacts Apple’s whole product spectrum, which is rather exceptional. 
 
Furthermore, the vulnerability is now being actively exploited in attacks that aim to deploy the TriangleDB spyware.
 
TriangleDB has been observed to be in use by an unknown Advanced Persistent Threat in a sophisticated mobile cyber espionage campaign (Operation Triangulation). The malware has the capability to take complete control of a victim’s device and data.   
 

Description

CVE-2023-38606: Modification of sensitive kernel state. 
 
An app may exploit a kernel vulnerability to modify sensitive kernel state. There is no additional information at this point in time regarding the vulnerability.
 

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends users proactively install the new OS versions by manually initiating the update on their devices.

References

https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-used-in-attacks-against-iphones-macs/
https://securityaffairs.com/147717/malware/triangledb-implant-used-operation-triangulation.html
https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html