Apple released a comprehensive series of security updates on July 24 for macOS, iOS, iPadOS, tvOS, watchOS, and the Safari web browser. These updates address multiple vulnerabilities, including the critical zero-day kernel flaw CVE-2023-38606. The vulnerability was present across various Apple operating systems and may have been exploited in iOS versions released before iOS 15.7.1.
CVE-2023-38606 potentially allowed attackers to modify sensitive kernel state. It has also been exploited in connection with the zero-click malware campaign used by Operation Triangulation.
This threat actor, discovered by Kaspersky, has been associated not only with this vulnerability but also with two earlier ones, CVE-2023-32434 and CVE-2023-32435, which Apple addressed in previous security updates. To learn more about Operation Triangulation’s forensics, network activity, and command and control (C2) mechanisms used in attacks, read Kaspersky’s research.
In addition to the zero-day, CVE-2023-38606, Apple’s security updates addressed several other kernel vulnerabilities, including issues related to arbitrary code execution with kernel privileges, use-after-free flaws, and privilege escalation.
Two weeks prior to this series of updates, Apple released a Rapid Security Response (RSR: a smaller security update that typically handles one issue) to patch a vulnerability in WebKit, CVE-2023-37450. The flaw allowed for arbitrary code execution and may also have been exploited in the wild.
Apple urges users to install these updates promptly and to keep their devices up to date in order to stay protected against potential cyberthreats and strengthen their devices’ overall security. Users can find the full list of security updates and supported software versions on the Apple Security Releases page.