Two Apple zero-days actively exploited via zero-click exploit chain

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Two Apple zero-day security flaws have been actively exploited via a zero-click exploit chain to deploy Pegasus commercial spyware onto fully patched iPhone devices. Exploitation of the vulnerabilities, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the threat actors to compromise iPhones belonging to a civil society organisation based in Washington DC by means of malicious attachments.

Impact

Successful exploitation of CVE-2023-41064 and CVE-2023-41061 allows threat actors to gain arbitrary code execution on unpatched iPhone and iPad systems, which will almost certainly result in the compromise of data.

Incident Detection

Apple has released security updates for the product versions affected by the reported security flaws; as such, earlier versions remain vulnerable to exploitation.

Affected Products

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Ventura
  • Apple Watch Series 4 and later

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected products apply the following updates released by Apple, which address the flaws with improved logic and memory handling:

  • macOS Ventura 13.5.2
  • iOS 16.6.1
  • iPadOS 16.6.1
  • watchOS 9.6.2
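As an added example (not part of the bulletin, nor a tool from Apple or Citizen Lab), the check a fleet administrator would run against an MDM inventory export to find devices still below the patched versions listed above. The CSV layout and device identifiers are constructed; the version thresholds are the bulletin's own, and Macs outside macOS Ventura (13.x) are reported as out of scope because the bulletin assesses only Ventura.

```python
"""Triage an MDM inventory export against the minimum patched Apple OS
versions in this bulletin. Example code; inventory format is constructed."""
import csv
import io

# Minimum patched versions taken from the bulletin's remediation list.
PATCHED = {
    "iOS": (16, 6, 1),
    "iPadOS": (16, 6, 1),
    "macOS": (13, 5, 2),   # bulletin covers macOS Ventura (13.x) only
    "watchOS": (9, 6, 2),
}

def parse_version(text):
    """'16.6' -> (16, 6, 0); pads to three components so 16.6 < 16.6.1."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'out_of_scope' for one device."""
    minimum = PATCHED.get(platform)
    if minimum is None:
        return "out_of_scope"          # platform not covered by the bulletin
    current = parse_version(version)
    # Only Ventura is assessed; other macOS majors are neither marked
    # vulnerable nor patched, so they surface for separate review.
    if platform == "macOS" and current[0] != minimum[0]:
        return "out_of_scope"
    return "patched" if current >= minimum else "vulnerable"

def triage_inventory(csv_text):
    """Group device ids from a 'device_id,platform,os_version' CSV by status."""
    result = {"patched": [], "vulnerable": [], "out_of_scope": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["platform"], row["os_version"])
        result[status].append(row["device_id"])
    return result

# Constructed sample export; device ids and versions are illustrative.
SAMPLE_INVENTORY = """device_id,platform,os_version
ip-001,iOS,16.6.1
ip-002,iOS,16.6
mac-001,macOS,13.5.2
mac-003,macOS,12.6.8
aw-001,watchOS,9.6.2
aw-002,watchOS,9.6.1
tv-001,tvOS,16.6
"""
```

Devices in the `vulnerable` bucket are the ones to prioritise for the updates above; `out_of_scope` entries need a separate check against Apple's advisories for their platform.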

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Apple holds a significant share of the smart device and PC market. Given that threat actors generally weigh probability against asset value when deciding which attack surfaces to focus on, Apple products have become a prime target. Because smart devices and PCs have become integral to both personal and business operations, threat actors will continue to exploit vulnerabilities in these systems in an attempt to extract the sensitive data they hold.

Since the start of 2023, Apple has remediated 13 zero-day flaws that have been exploited to target its systems. Given this trend, it is likely that additional zero-day flaws will be discovered in the coming months. As such, it is vital that Apple product users apply security patches as soon as they become available.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Tactic: TA0002 – Execution

Further Information

Citizen Lab Report

An Intelligence Terminology Yardstick showing the likelihood of events