Apple Security Updates 14 February 2023

Apple has released security updates to address multiple vulnerabilities, including a zero-day vulnerability, in Safari 16.3 and macOS Ventura 13.2.1.

The addressed vulnerabilities could allow an attacker to obtain information, escalate privileges, or gain access to the affected system by persuading a victim to open specially crafted web content.

The actively exploited zero-day vulnerability, tracked as CVE-2023-23529, is a WebKit confusion issue that could be exploited to trigger OS crashes and gain code execution on compromised devices.

Sample of the addressed vulnerabilities:

1. Apple Safari WebKit Code Execution (CVE-2023-23529):

• CVSS: 8.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

2. Apple macOS Ventura Privilege Escalation (CVE-2023-23514):

• CVSS: 7.8

• Attack Vector: Local

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Privileges

Vulnerabilities

• CVE-2023-23529

• CVE-2023-23514

• CVE-2023-23522

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Apple Security Advisory
