According to The Hacker Wews, Apple released a new round of security patches to address three actively exploited zero-day vulnerabilities that affect iOS, iPadOS, macOS, watchOS, and Safari, bringing the total number of zero-day vulnerabilities found in its software this year to 16. The security vulnerability list is as follows:
- CVE-2023-41991, a certificate validation issue in the Security framework that could allow a malicious application to bypass signature verification.
- CVE-2023-41992, a security vulnerability in the Kernel that could allow a local attacker to escalate privileges.
- CVE-2023-41993, a vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
Apple did not provide more details, only confirming that "this issue may be actively exploited in versions prior to iOS 16.7. Users are reminded to upgrade in time."
