The first, CVE-2023-41064, is a buffer overflow vulnerability wherein a “maliciously crafted image” could lead to the execution of arbitrary code. This affects Apple products across its range, but it has been fixed in the following OS versions:
- macOS Monterey 12.6.9
- macOS Big Sur 11.7.10
- macOS Ventura 13.5.2
- iOS 16.6.1
- iPadOS 16.6.1
- iOS 15.7.9
- iPadOS 15.7.9
The second vulnerability, CVE-2023-41061, is a validation issue that could allow a malicious attachment to lead to arbitrary code execution. This flaw only affects Apple’s mobile devices, but it has been fixed in the following OS versions:
- watchOS 9.6.2
- iOS 16.6.1
- iPadOS 16.6.1
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in a statement.
According to CISA, both vulnerabilities are still being analysed, but nonetheless, making sure your affected devices are running up-to-date operating systems should do the trick.
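As an added example (not part of the original article), the Python sketch below checks a device inventory against the fixed versions listed above, comparing each device only within its own OS branch. The device names and inventory rows are constructed, and a branch the article does not list is reported as "not listed" rather than guessed.

```python
# Fixed versions exactly as listed in the article, keyed by (OS, major branch).
FIXED = {
    "CVE-2023-41064": {
        ("macOS", 11): (11, 7, 10), ("macOS", 12): (12, 6, 9),
        ("macOS", 13): (13, 5, 2),
        ("iOS", 15): (15, 7, 9), ("iPadOS", 15): (15, 7, 9),
        ("iOS", 16): (16, 6, 1), ("iPadOS", 16): (16, 6, 1),
    },
    "CVE-2023-41061": {
        ("watchOS", 9): (9, 6, 2),
        ("iOS", 16): (16, 6, 1), ("iPadOS", 16): (16, 6, 1),
    },
}

def parse_version(text):
    """'16.6' -> (16, 6, 0). Drops a trailing suffix such as ' (a)' and pads
    to three components so that 16.6 sorts below 16.6.1."""
    parts = [int(p) for p in text.split()[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(os_name, version):
    """Return {cve: 'patched' | 'unpatched' | 'not listed'} for one device.
    'not listed' means the article names no fixed release for that OS branch,
    so no verdict is drawn either way."""
    ver = parse_version(version)
    verdicts = {}
    for cve, branches in FIXED.items():
        fixed = branches.get((os_name, ver[0]))
        if fixed is None:
            verdicts[cve] = "not listed"
        else:
            verdicts[cve] = "patched" if ver >= fixed else "unpatched"
    return verdicts

def needs_update(inventory):
    """Names of devices that sit below a listed fix for at least one CVE."""
    return [name for name, os_name, version in inventory
            if "unpatched" in assess(os_name, version).values()]

# Constructed sample inventory (device name, OS, reported version).
INVENTORY = [
    ("mac-01", "macOS", "13.5.2"),
    ("mac-02", "macOS", "12.6.8"),
    ("phone-01", "iOS", "16.6"),
    ("phone-02", "iOS", "15.7.9"),
    ("watch-01", "watchOS", "9.6.2"),
]

if __name__ == "__main__":
    for name, os_name, version in INVENTORY:
        print(name, os_name, version, assess(os_name, version))
    print("needs update:", needs_update(INVENTORY))
```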
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.