Apple is rushing to fix 3 new 0day that affect Safari, macOS, iOS

Apple has now patched three current zero-day vulnerabilities affecting iOS, iPadOS, macOS, watchOS, and Safari with yet another wave of security updates. This brings the total number of zero-day issues found in Apple products this year to sixteen.

The following is a list of security flaws:

A security framework certificate validation flaw (CVE-2023-41891) can make it possible for a malicious software to evade signature validation.
A kernel security vulnerability, identified as CVE-2023-41992, may enable a local attacker to gain further privileges.
CVE-2023-41993: This WebKit vulnerability, when processed by carefully designed web content, might lead to arbitrary code execution.

Apart from acknowledging that the “issue may have been actively exploited against versions of iOS before iOS 16.7,” Apple did not provide any more details.

(Score: 12) - 4.6/5