Apple devices have two zero-day vulnerabilities - Israel exploited both

[yankeedoodle]

Apple devices have two zero-day vulnerabilities - Israel exploited both
This year, Apple has identified 13 zero-day vulnerabilities. Corrective software updates should be installed without delay, as exploits of vulnerabilities have already been detected.
https://www.partisaani.com/news/tech/2023/09/09/applen-laitteissa-kaksi-nollapaivahaavoittuvuutta-israel-hyodyntanyt-molempia/

MECHANICALLY TRANSLATED FROM FINNISH

On Thursday, Apple released updates for iOS, iPadOS, macOS and watchOS devices due to two zero-day vulnerabilities.  [What's that?  This:  https://www.techrepublic.com/article/what-is-a-zero-day-vulnerability/] So far, at least the Israeli NSO has exploited both vulnerabilities to spread the Pegasus spyware . The Pegasus program has already been used to spy on Finns.

Vulnerability CVE-2023–41064 allows an attack using just a photo embedded with custom code.

Vulnerability CVE-2023–41061 enables the execution of own program code by sending a malicious attachment to the target.

The fix is ​​available for iPhone 8 and newer phones, 3rd generation iPad Airs and newer, and 5th generation and newer iPads and iPad minis. Apple Watch Series 4 and newer will receive an update.

The patched operating system versions are iOS and iPadOS 16.6.1, macOS Ventura 13.5.2 and watchOS 9.6.2.

Earlier this week, China announced it would ban iPhones from government officials. The news implied that China would try to reduce its dependence on foreign technology, but now it seems to be at least as much about improving the state's cyber security.

Sources: The Hacker News  https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html