Arbitrary Code Execution Vulnerabilities in Apple Products (CVE-2023-41061 & CVE-2023-41064)

2 zero-day arbitrary code execution vulnerabilities (CVE-2023-41061 & CVE-2023-41064) were identified in Apple products.  Users are urged to apply the latest patch on affected devices immediately.

Vulnerability

• Arbitrary Code Execution Vulnerability (CVE-2023-41061 & CVE-2023-41064)

Severity Level

• Critical

Affected products

• For CVE-2023-41061
  • iOS before 16.6.1
  • watchOS before 9.6.2
  • iPadOS before16.6.1

• For CVE-2023-41064
  • macOS Ventura before 13.5.2
  • macOS Monterey before 12.6.9
  • macOS Big Sur before 11.7.10
  • iOS and iPadOS before 16.6.1
  • iOS and iPadOS before 15.7.9

Remediation

• Apply the latest patch on affected device versions ASAP.

Reference

• Apple Products Multiple Vulnerabilities (hkcert.org)
• CISA Adds Two Known Vulnerabilities to Catalog | CISA
• About the security content of iOS 16.6.1 and iPadOS 16.6.1 – Apple Support
• About the security content of iOS 15.7.9 and iPadOS 15.7.9 – Apple Support
• About the security content of macOS Ventura 13.5.2 – Apple Support
• About the security content of macOS Monterey 12.6.9 – Apple Support
• About the security content of macOS Big Sur 11.7.10 – Apple Support
• About the security content of watchOS 9.6.2 – Apple Support

Enquiry

• ITSC Service Desk: http://servicedesk.itsc.cuhk.edu.hk

Published on: 14 Sep 2023