5 October 2023

Apple, Atlassian ship patches for iOS, Confluence zero-days


Apple, Atlassian ship patches for iOS, Confluence zero-days

Apple released emergency security updates to fix a new zero-day vulnerability in its iOS and iPadOS platforms that has been exploited in the wild.

Tracked as CVE-2023-42824, the kernel vulnerability could allow a local application to execute arbitrary code on the system with elevated privileges. The Cupertino giant said it addressed the issue with improved checks.

As per usual, the iPhone maker withheld additional details regarding the attacks that have exploited this flaw, only saying that it “is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.”

Besides CVE-2023-42824, Apple’s latest update (iOS 17.0.3 and iPadOS 17.0.3) addresses CVE-2023-44488 and CVE-2023-5217 related to the program libvpx library.

Separately, Australian software company Atlassian rolled out security updates to fix an actively exploited zero-day flaw affecting Confluence Data Center and Server instances.

The zero-day vulnerability (CVE-2023-22515) allows to create unauthorized Confluence administrator accounts and access Confluence instances. The issue impacts Confluence Server and Data Center 8.0.0 to 8.5.1.

Users are strongly recommended to apply patches ASAP or to restrict network access to affected devices and block access to the /setup/* endpoints on Confluence instances if the upgrade is not possible at the moment.

In addition, US networking giant Cisco has issued security updates to fix a Cisco Emergency Responder (CER) backdoor (CVE-2023-20101) that lets attackers log into unpatched systems using hard-coded credentials.

Back to the list

Latest Posts

Cyber Security Week in Review: April 12, 2024

Cyber Security Week in Review: April 12, 2024

In brief: Microsoft and Palo Alto fix zero-days, Sisense suffers data breach, and more.
12 April 2024
TA547 threat actor targets German orgs with Rhadamanthys info-stealer

TA547 threat actor targets German orgs with Rhadamanthys info-stealer

The group appears to have incorporated LLM-generated PowerShell scripts in their attacks.
11 April 2024
Apple enhances spyware threat notifications

Apple enhances spyware threat notifications

The company will alert users who are individually targeted by mercenary spyware attacks.
11 April 2024