Apple’s September 2023 Zero-Day Exploit and Updates

If you have not already, we strongly urge you to update your iPhone to the latest available firmware. Within the last day, Apple had rolled out an announcement making it known to its users that they have been breached by an attacker who had gained access to targeted devices through a zero-day exploit. These vulnerabilities were all exploited in targeted attacks, meaning that they were not used to infect a large number of devices. However, they are still a serious threat, as they could be used to gain control of a victim’s device and steal their data.

Recent Zero-Day Exploits Patched by Apple

As of Sept. 8, 2023, Apple has identified 13 zero-dat vulnerabilities. These vulnerabilities, which often lead to attacks, hold the potential power to commandeer control of devices and/or extract sensitive data. The two vulnerabilities are as followed:

• CVE-2023-41061 – A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment.
• CVE-2023-41064 – A buffer overflow issue in the Image I/O component that could result in arbitrary code execution when processing a maliciously crafted image.

Attacks like these are not uncommon and certainly something you need to be aware of (as a potential threat). These attacks were carried out with zero interaction on the behalf of the device owner.

Moving Forward?

We always suggest to users, regardless of the device they use, to keep their software up to date. Reason being? For scenarios exactly like this. While individuals may not be a likely target of the attack, you are much better safe than sorry.

To update to the latest firmware, follow these few simple steps:

1. Tap on the “Settings” icon on your home screen.
2. Scroll down and select “General.”
3. Tap on “Software Update.” Your iPhone will check for available updates.
4. If an update is available, tap “Download and Install.” You might be prompted to enter your passcode.

Some Other Ways to Stay Safe

• Use a strong password and enable two-factor authentication for all of your online accounts.
• Be careful about what links you click on and what attachments you open.
• Use a security solution like antivirus software or a firewall.