Apple & Microsoft Rush Out Updates for Actively Exploited Zero-Day Vulnerabilities
Cybersecurity experts have warned of active exploitation of several zero-day vulnerabilities affecting Apple and Microsoft 365 devices. Apple has rushed out updates to fix two zero-days, while Microsoft addressed 100 security holes, including an actively exploited zero-day.
Apple's iPhones, iPads, and Macs were found to be vulnerable to two zero-day vulnerabilities, CVE-2023-28205 and CVE-2023-28206. The first, CVE-2023-28205, allows malicious websites to install code on Apple devices. The second, CVE-2023-28206, enables apps to seize control over a device and is now publicly exploitable. Apple swiftly released updates in May 2023, fixing these issues in iOS/iPadOS versions 16.4.1 and 15.7.5 and macOS versions 12.6.5 and 11.7.6.
Microsoft, on the other hand, addressed 100 security holes in its recent updates, including the actively exploited zero-day vulnerability CVE-2023-28252. This vulnerability affects the Windows Common Log File System (CLFS) driver. Microsoft has rated nearly 90% of this month's vulnerabilities as 'Exploitation Less Likely', with seven rated 'Critical' and 90 rated 'Important'. Two other critical vulnerabilities, CVE-2023-28220 and CVE-2023-28219, affect Windows Remote Access Servers (RAS) and allow remote code execution. Another serious vulnerability, CVE-2023-28231, is a remote code execution vulnerability in a core Windows network process with a CVSS score of 8.8.
Cybercriminals have been leveraging CVE-2023-28252 to deploy Nokoyawa ransomware. Users are urged to update their Apple and Microsoft 365 devices promptly to protect against these active exploits. Regular software updates and strong cybersecurity practices remain crucial in safeguarding personal and business data.