In response to the critical zero-day vulnerability CVE-2023-28205, Apple has swiftly taken action by releasing a series of patches. Following the best practices of Patch Management, the company recommends updating iOS and macOS.
In this blog post, we’ll dive into the details of this exploit, shedding light on its impact. Furthermore, we’ll introduce you to InvGate Asset Management, a solution that enables you to identify outdated devices within your network effortlessly.
Keep reading to learn more about the vulnerability and how to bolster your security measures.
About CVE-2023-28205
Apple has taken swift action to address a critical zero-day vulnerability, identified as CVE-2023-28205, affecting macOS, iOS, and iPadOS. This security flaw, reported by Clément Lecigne from Google's Threat Analysis Group (TAG) and Donncha Ó Cearbhaill, the head of Amnesty International's Security Lab, has been actively exploited in targeted attacks with the potential to compromise devices and install spyware.
CVE-2023-28205 is categorized as a "use after free" issue within the WebKit browser engine, which serves as the foundation for Safari and other web browsers on iOS and iPadOS. By exploiting this vulnerability through specially crafted web content, malicious actors can execute arbitrary code, leading to potential device compromise.
The significance of this exploit lies in its capability to facilitate drive-by, zero-click attacks, enabling malware installation on targeted devices without any user interaction or awareness. Essentially, it allows attackers to compromise the device's security silently.
To mitigate the risk posed by this vulnerability, Apple has released security updates for the following operating systems:
- macOS version 13.3.1
- iOS and iPadOS version 16.4.1
The company has also promptly backported the patches to address the flaw in older operating system versions, including:
- macOS 12.6.5 and 11.7.6
- iOS and iPadOS 15.7.5
Users of macOS Monterey and Big Sur are advised to implement both the offered OS update and the Safari update to eliminate the identified vulnerabilities effectively. By doing so, they can ensure their devices are protected against potential attacks leveraging CVE-2023-28205.
How to find devices exposed to CVE-2023-28205 with InvGate Asset Management
If you are looking to identify and prioritize devices in your organization that require immediate attention, you can use the features InvGate Asset Management provides. You should follow these steps:
- Open InvGate Asset Management and go to the Explorer tab.
- Type in the Search bar “Software name, is:[name of the software]” to filter all Apple devices.
- Add another filter to the Search bar to see all devices missing the security patch. To do that, add the following filter: “Reported version, is not:” and paste Apple’s patched version.
And there you have it! In just a matter of seconds, you will receive a comprehensive list of devices that are vulnerable and require action. Keep in mind that you can easily download this information in CSV format and share it with your team members, allowing them to stay updated on the necessary patches.
For additional details, watch our informative video on locating vulnerable devices for efficient patching.
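The CSV export mentioned above can also be triaged offline. The following is an added example, not InvGate's or Apple's code: it compares each reported version numerically against the fixed release for its own branch, so a later build such as 12.6.10 is not flagged just because it differs from 12.6.5. The column names and sample rows are constructed assumptions, and the Safari update for Monterey and Big Sur is not checked.

```python
import csv
import io

# Fixed versions from the article, keyed by (platform, major release).
FIXED = {
    ("macOS", 13): (13, 3, 1), ("macOS", 12): (12, 6, 5), ("macOS", 11): (11, 7, 6),
    ("iOS", 16): (16, 4, 1), ("iOS", 15): (15, 7, 5),
    ("iPadOS", 16): (16, 4, 1), ("iPadOS", 15): (15, 7, 5),
}

def parse_version(text):
    """'13.3' -> (13, 3, 0), so versions compare numerically, not as text."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version_text):
    """Return 'patched', 'vulnerable', 'review' or 'unparsed'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsed"            # empty or non-numeric inventory value
    majors = [m for (p, m) in FIXED if p == platform]
    if not majors:
        return "review"              # platform the article does not list
    fixed = FIXED.get((platform, version[0]))
    if fixed is None:
        # Assumption: a major release newer than any listed one ships the fix;
        # an older branch with no listed fix needs a manual decision.
        return "patched" if version[0] > max(majors) else "review"
    return "patched" if version >= fixed else "vulnerable"

def triage(csv_text):
    """Map each device name to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["Device"]: classify(r["Platform"], r["Reported version"]) for r in rows}

# Constructed sample export; the column names are assumptions.
SAMPLE = """Device,Platform,Reported version
mac-001,macOS,13.3.1
mac-002,macOS,13.3
mac-003,macOS,12.6.10
iph-001,iOS,16.4
ipd-001,iPadOS,15.7.5
iph-002,iOS,14.8
mac-004,macOS,
"""

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(f"{device}: {status}")
```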
The bottom line
The discovery of the critical zero-day vulnerability CVE-2023-28205 has prompted Apple to respond and take necessary measures to address the issue swiftly. This security flaw, exploited in targeted attacks, poses a significant risk to the security of macOS, iOS, and iPadOS devices, potentially leading to compromise and the installation of spyware.
CVE-2023-28205 has contributed to Apple's growing list of exploited vulnerabilities in 2023, further highlighting the ongoing challenges faced by the company in terms of security breaches and potential threats.
If you require assistance in identifying devices that need the update, incorporating InvGate Asset Management into your Vulnerability Management strategy can be highly beneficial. Request our 30-day free trial to discover how easily you can filter your assets and streamline the process.