Alert: Apple Security Updates – September 2023
Apple have released multiple security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari.
The zero-days patched by Apple include the following:
-
CVE-2023-41993: WebKit browser vulnerabilities.
-
CVE-2023-41991: Security Framework Vulnerability.
-
CVE-2023-41992: Kernel Framework Vulnerability.
Security Risks
Successful exploitation of a zero-day vulnerability enables an attacker to exploit some of these vulnerabilities and take control of an affected device.
For the full list of security updates released by Apple, please refer to Apple security releases.
Recommended Actions
The National Cyber Security Authority (NCSA) recommends users and system administrators to:
1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.
The released software updates are available for the following devices and operating systems:
-
iOS 16.7 and iPadOS 16.7 - iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
-
iOS 17.0.1 and iPadOS 17.0.1 - iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
-
macOS Monterey 12.7 and macOS Ventura 13.6
-
watchOS 9.6.3 and watchOS 10.0.1 - Apple Watch Series 4 and later
-
Safari 16.6.1 - macOS Big Sur and macOS Monterey
2. Enable background updates or automatic updates
3. Before any update task, ensure you have backup for your data.
For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.
References
Apple security releases. (September 21, 2023).
25 September 2023
More updates