Apple have released eight security advisories to address vulnerabilities in multiple products. An attacker may exploit some of these vulnerabilities to take control of a vulnerable system.

Exploitation of CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439

Apple have reported that these vulnerabilities may have been actively exploited in products that include iOS, iPadOS, Safari, watchOS, and macOS. The vulnerabilities known as CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439 could allow a remote attacker to execute arbitrary code.

Threat updates

Date	Update
26 Oct 2023	Patch releases for iOS 15.8 and iPadOS 15.8 This cyber alert has been updated to reflect this change.

Remediation advice

Affected organisations are encouraged to review the following Apple security advisories and apply any relevant updates or workarounds.

Remediation steps

Type	Step
Patch	Safari 16.5.1 \| HT213816 https://support.apple.com/kb/HT213816
Patch	watchOS 9.5.2 \| HT213812 https://support.apple.com/kb/HT213812
Patch	watchOS 8.8.1 \| HT213808 https://support.apple.com/kb/HT213808
Patch	iOS 16.5.1 and iPadOS 16.5.1 \| HT213814 https://support.apple.com/kb/HT213814
Patch	iOS 15.7.7 and iPadOS 15.7.7 \| HT213811 https://support.apple.com/kb/HT213811
Patch	macOS Big Sur 11.7.8 \| HT213809 https://support.apple.com/kb/HT213809
Patch	macOS Ventura 13.4.1 \| HT213813 https://support.apple.com/kb/HT213813
Patch	macOS Monterey 12.6.7 \| HT213810 https://support.apple.com/kb/HT213810
Patch	iOS 15.8 and iPadOS 15.8 \| HT213972 https://support.apple.com/en-gb/HT213972

Definitive source of threat updates

https://support.apple.com/en-gb/HT201222

CVE Vulnerabilities

Status Reserved

CVE-2023-32434

Status Reserved

CVE-2023-32435

Status Reserved

CVE-2023-32439

Last edited: 26 October 2023 2:27 pm