Serious iOS and macOS Zero-Day Vulnerabilities Discovered

Kris WilkinsonApril 12, 2023

Apple has released emergency security updates to address two zero-day vulnerabilities that have been exploited in recent attacks affecting iPhones, iPads, and Macs. These vulnerabilities could allow attackers to execute arbitrary code with kernel privileges or execute malicious code on iOS and macOS devices.

What’s the risk?

It is extremely important that you install these emergency updates as soon as possible to prevent potential attacks on your personal and corporate devices. The list of affected devices is extensive and includes the following:

  • iPhone 8 and later,
  • iPad Pro (all models),
  • iPad Air 3rd generation and later,
  • iPad 5th generation and later,
  • iPad mini 5th generation and later, and
  • Macs running macOS Ventura.

Apple released updates for these vulnerabilities, they are fixed in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1, with improved input validation and memory management.

What should you do?

To secure your devices against these vulnerabilities, it’s crucial to install the updates released by Apple as soon as possible. We strongly advise updating all iPhone, iPad, and macOS devices immediately to address the two zero-day vulnerabilities. Please ask your team to update their devices.

This is a serious, wide-reaching issue, and the Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive calling for patching of these vulnerabilities by federal agencies by May 1st, 2023.

Important: Ensure the Apple device is backed up before applying updates. The likelihood of an update causing issues is low, however, you should always backup before applying updates to protect yourself.

Additional Information:

If you have questions or need assistance, please call or e-mail us. If you’re interested in having SIRKit manage your security, please get in touch.