Two zero-day vulnerabilities were recently discovered in certain iPhones, Macs, and iPads. CVE-2023-28206 is an IOSurfaceAccelerator out-of-bounds write flaw that can cause a crash, data corruption, or code execution. If successful, a maliciously crafted app could be used to gain kernel privileges on targeted devices, allowing an attacker to execute arbitrary code. 

The second vulnerability, CVE-2023-28205, is a WebKit use after free flaw that leads to data corruption or arbitrary code execution when reusing freed memory. If successful, an attacker could trick victims into visiting malicious web pages that attackers’ control. This could lead to code execution on compromised systems. Apple has fixed both zero-day vulnerabilities in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1. The list of impacted devices is extensive and includes:  

  • iPhone 8 and later 
  • iPad Pro (all models) 
  • iPad Air 3rd generation and later 
  • iPad 5th generation and later 
  • iPad mini 5th generation and later 
  • and Macs running macOS Ventura 

While Apple is aware of exploitation reports, they have not released details regarding attacks. Avertium recommends that users update their Apple devices as soon as possible.  



avertium's recommendations

  • The update for Safari 16.4.1 addresses CVE-2023-28205, which affects only the WebKit bug on Macs operating with Big Sur and Monterey. The patch is not integrated into a new version of the operating system, so the macOS version number will remain the same. 

  • The macOS Ventura 13.3.1 update includes fixes for both bugs in the latest macOS release. It also includes the Safari update, which was previously distributed separately to older Mac users. 
  • iOS 16.4.1 and iPadOS 16.4.1 updates address both bugs for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. 




At this time, there are no known IoCs associated with CVE-2023-28205 and CVE-2023-28206. Avertium's threat hunters remain vigilant in locating IoCs for our customers. If any are located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive 



How Avertium is Protecting Our CUSTOMERS

While Apple products are not widely used at an enterprise level, these devices could provide an attack vector for company executives. Avertium is raising awareness among our customers to patch this vulnerability before it’s too late.  





About the security content of macOS Ventura 13.3.1 - Apple Support 

Apple issues emergency patches for spyware-style 0-day exploits – update now! – Naked Security (sophos.com) 

Apple fixes two zero-days exploited to hack iPhones and Macs (bleepingcomputer.com) 

About the security content of Safari 16.4.1 - Apple Support 

Chat With One of Our Experts

Zero-Day Vulnerability Flash Notice Apple Apple Zero-Day Vulnerability Double Zero-Day Blog