Residents of the United Arab Emirates (UAE) have recently been alerted to security flaws in some Apple products by the UAE Cyber Security Council.
Apple Devices in UAE Face Vulnerabilities
The alert highlighted the detection of three security vulnerabilities that could potentially affect users of Apple products. These vulnerabilities target specific Apple devices, including iPhone 8 and later models, iPad Mini 5th generation and newer devices, macOS Monterey and later on Mac computers, and Apple Watch from version 4 and onwards.
Protect Your Devices by Installing the Latest Updates
To safeguard their devices and data, the UAE Cyber Security Council strongly recommended that users of the affected Apple devices promptly install the latest updates provided by Apple. These updates are designed to address the identified vulnerabilities and enhance the overall security of the devices.
Versions with Fixes Available
The UAE authorities also shared information regarding the fixed versions for these vulnerabilities. Users should ensure that their devices are updated to the following versions:
- watchOS 9.6.3/10.0.1
- MacOS 12.7/13.6
- iPadOS 16.7/17.0.1
- iOS 16.7/17.0.1
Apple's Response
In response to these security vulnerabilities, Apple took action by releasing patches for the identified issues. On September 21, Apple issued updates to address three zero-day vulnerabilities affecting macOS 12.7/13.6, iOS 17.0.1, and iPadOS 17.0.1. Apple acknowledged that these vulnerabilities "may have been actively exploited against versions of iOS before iOS 16.7."
Details of the Vulnerabilities
Two defects in the WebKit browser engine (CVE-2023-41993) and Security framework (CVE-2023-41991) are among the aforementioned security flaws. By manipulating websites, these flaws may give attackers the ability to avoid signature verification and run arbitrary code. The Kernel Framework (CVE-2023-41992), which offers APIs and kernel extensions, was found to have the third vulnerability. This vulnerability could be used by local attackers to increase their privileges on vulnerable devices.
Credits to Security Researchers
It's important to note that these zero-day vulnerabilities were discovered and reported by security researchers Bill Marczak from the Citizen Lab at the University of Toronto's Munk School and Maddy Stone from Google's threat analysis team.
Moreover, The UAE Cyber Security Council's alert serves as a timely reminder for Apple device users in the UAE to stay vigilant and keep their devices up to date with the latest security patches. By doing so, users can protect themselves from potential security threats and vulnerabilities.