State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution February 14, 20

NJCCIC Advisory

Original Release Date: 2/14/2023

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals.

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Threat Intelligence

Apple reports CVE-2023-23529 may have been exploited in the wild.

System Affected

  • Safari versions prior to 16.3.1 for macOS Big Sur and macOS Monterey
  • macOS Ventura versions prior to 13.2.1
  • iOS and iPadOS versions prior to 16.3.1

Risk

Government

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses

  • Large and medium business entities: High
  • Small business entities: Medium

Home Users: Low

Technical Summary

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

Recommendations

  • Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
  • Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.

References

Apple

https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT213633
https://support.apple.com/en-us/HT213635
https://support.apple.com/en-us/HT213638

CVE

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23529

Reporting

The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.

Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions.  Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.