Apple has released critical security updates to address zero-day vulnerabilities found in Apple products.

The released security updates fix three zero-day vulnerabilities:

• CVE-2023-32434

• CVE-2023-32435

• CVE-2023-32439

Security Risks

Successful exploitation of the three new zero-day vulnerabilities enables attackers to exploit the vulnerabilities, potentially resulting in unauthorized access, data breaches, and compromised device security.

For the full list of security updates released by Apple, please refer to Apple Security Updates.  

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.

The released software versions to upgrade to are the following:

• iOS 16.5.1 and iPadOS 16.5.1 : for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd Gen. and later, iPad 5th generation and later, and iPad mini 5th Gen. and later.

• iOS 15.7.7 and iPadOS 15.7.7: for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st Gen.), iPad Air 2, iPad mini (4th Gen.) and iPod touch (7th Gen.).

• macOS Monterey 12.6.7 :for all Mac running macOS Monterey.

•  macOS Big Sur 11.7.8 :for all Mac running macOS Big Sur.

• WatchOS 9.5.2 : Apple Watch Series 4 and later.

• WatchOS 8.8.1 : Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE

• Safari 16.5.1:  macOS Big Sur and macOS Monterey.

• macOS Ventura 13.4.1 : for macOS Ventura.

2. Enable background updates or automatic updates

3. Before any update task, ensure you have backup for your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

 Apple Security Updates