• Apple zero days out – September 2023

    Home » Forums » Newsletter and Homepage topics » Apple zero days out – September 2023

    • This topic has 6 replies, 4 voices, and was last updated 5 months ago.
    Author
    Topic
    #2588839

    Apple has fixes for zero days that have been under attack. It appears most are triggered by a specially crafted web content. CVE-2023-41991 – A certif
    [See the full post at: Apple zero days out – September 2023]

    Susan Bradley Patch Lady/Prudent patcher

    4 users thanked author for this post.
    Viewing 2 reply threads
    Author
    Replies
    • #2588848

      The 3 security bugs are re-patched after being patched in iOS 16.7.
      Apple added “improved checks” .

      iPhone 15 got iOS 17.0.2

    • #2588920

      Does anyone know if these vulnerabilities affect iOS v15.x?

      My 7th gen iPod Touch received an update to iOS v15.7.9 (rel. 11-Sep-2023) to patch CVE-2023-41064, but I checked at https://www.cve.org/CVERecord?id=CVE-2023-41991https://www.cve.org/CVERecord?id=CVE-2023-41992 and https://www.cve.org/CVERecord?id=CVE-2023-41993 and these CVE write-ups only state that “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7“.
      ———-
      Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.3448 * Firefox v117.0.1 * Microsoft Defender v4.18.23080.2006-1.1.23080.2005 * Malwarebytes Premium v4.6.2.281-1.0.2131 * Macrium Reflect Free v8.0.7279

    • #2589763

      Does anyone know if these vulnerabilities affect iOS v15.x?

      Just wonder, will it make any difference if it does then you’ll update to iOS 17 ? Or if it doesn’t you will stay on an ancient unsupported iOS 15 ?

      • #2589790

        ust wonder, will it make any difference if it does then you’ll update to iOS 17 ? Or if it doesn’t you will stay on an ancient unsupported iOS 15 ?

        Hi Alex5723:

        I have an older 7th gen iPod Touch that run iOS v15.x and as far as I know upgrading to iOS v16.x or higher isn’t an option. Also, my iOS v15.x still receives regular updates, including the iOS 15.7.9 update of 11-Sep-2023 that patched CVE-2023-41064 (see https://support.apple.com/en-us/HT213913), so I’m not sure it’s fair to say that iOS v15.x is “unsupported”.

        I only asked about CVE-2023-41991, –41992 and –41993 because many of Susan’s past announcements about iOS zero days often recommend that users update the iOS v15.x on their old devices as well as the iOS 16.x and higher on their newer devices – see her 21-Jun-2023 Apple Releases New Security Updates – June 21 about a previous iOS v15.7.7 update released for my iPod Touch for one example. The CVE reports for all three of these newer CVEs are a bit vague and many of the Apple operating systems in the list of affected products still have a status of “Unknown”.
        ————
        Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3448 * Firefox v118.0.0 * Microsoft Defender v4.18.23080.2006-1.1.23080.2005 * Malwarebytes Premium v4.6.3.282-1.0.2151 * Macrium Reflect Free v8.0.7279

        1 user thanked author for this post.
    Viewing 2 reply threads
    Reply To: Apple zero days out – September 2023

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: