Apple Clamps Down on Critical Bugs Traced To Russian Intelligence Report
Apple Flags Kernel Flaws
Overt Operator
July 25, 2023
Apple, the global technology giant, has announced patches for multiple critical code execution flaws in its iOS and macOS operating systems, including a kernel bug that was reportedly part of an exploit chain analyzed by Kaspersky, the Russian anti-malware vendor.
According to Apple, the kernel flaw, documented as CVE-2023-38606, has widespread implications, affecting devices powered by iOS, iPadOS, and macOS. Worryingly, this flaw has already seen active exploitation against versions of iOS prior to iOS 15.7.1. An app may be able to modify a sensitive kernel state.
Apple is aware of a report that this issue may have been actively exploited," confirmed the tech behemoth. The issue as reported by five researchers from Kaspersky.
This marks the second occasion Apple has been compelled to push out fixes for software vulnerabilities exploited in APT (Advanced Persistent Threat) style attacks on Kaspersky's corporate network.
The timing of Kaspersky's disclosure coincided with Russia's Federal Security Service (FSB) attributing an ongoing spy campaign that targets thousands of domestic iOS devices and foreign diplomatic missions to U.S. intelligence agencies.
In total, Apple has addressed at least 25 identified security bugs plaguing iPhones and iPads. This includes multiple vulnerabilities that exposed these mobile devices to potential code execution attacks. Alongside these fixes, the iOS 16.6 update also patched a WebKit bug initially dealt with in the recent Rapid Security Response rollout.
But the patching spree didn't stop there. Apple has also rectified security issues in its proprietary Safari browser with the release of Safari 16.6. The updates extend to older versions of iPhones and iPads with the release of iOS 15.7.8 and iPadOS 15.7.8, and the macOS with the release of macOS Ventura 13.5.