Context over chaos. Disconnected technologies, siloed data, and reactive processes can only get you so far. Protecting businesses in today’s threat landscape demands more than a set of security tools – it requires context.
That's where Avertium comes in
Security. It’s in our DNA. It’s elemental, foundational. Something that an always-on, everything’s-IoT-connected world depends on.
Helping mid-to-enterprise organizations protect assets and manage risk is our only business. Our mission is to make our customers’ world a safer place so that they may thrive in an always-on, connected world.
Best-in-class technology from our partners... backed by service excellence from Avertium.
Interested in becoming a partner?
With Avertium's deal registration, partners can efficiently and confidently connect with Avertium on opportunities to protect your deals.
Microsoft Copilot for Security analyzes and synthesizes high volumes of security data which can help healthcare cybersecurity teams do more with less.
Dive into our resource hub and explore top
cybersecurity topics along with what we do
and what we can do for you.
overview
In response to attacks aimed at hacking iPhones, iPads, and Macs, Apple issued urgent security updates that address two vulnerabilities, one of which is a zero-day vulnerability.
The first vulnerability, tracked as CVE-2023-23529 [1,2], is a WebKit confusion zero-day that can lead to OS crashes and the execution of arbitrary code on compromised devices. This vulnerability can be exploited by opening a malicious web page and affects versions of iOS, iPadOS, and macOS, including Safari 16.3.1. The WebKit vulnerability is being exploited in the wild, but it is not clear as to how the vulnerability is being exploited in attacks. WebKit flaws impact every third-party web browser that is available for iOS and iPadOS due to Apple’s restrictions that require browser vendors to use the same rendering framework.
The second vulnerability is tracked as CVE-2023-23514 and is a kernel use after free flaw that can also result in the execution of arbitrary code with kernel privileges on Macs and iPhones. This vulnerability could allow a rogue app to execute arbitrary code with the highest privileges.
To minimize potential risks, it is recommended that users update to iOS 16.3.1, iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari 16.3.1. Updates are available for iPhone 8 and newer, iPad Pro (all versions), iPad Air 3rd generation and newer, iPad 5th generation and newer, and iPad mini 5th generation and newer. Additionally, the updates are available for Macs that are operating on macOS Ventura, macOS Big Sur, and macOS Monterey.
At this time, there are no known IoCs associated with CVE-2023-23514 and CVE-2023-23529. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION
Apple fixes new WebKit zero-day exploited to hack iPhones, Macs (bleepingcomputer.com)
About the security content of macOS Ventura 13.2.1 - Apple Support
About the security content of iOS 16.3.1 and iPadOS 16.3.1 - Apple Support