Sinokap
Menu
Get In Touch
September 21, 2023

Apple多个产品高危漏洞安全风险通告,利用可能性极高!

E-Mail:

consulting@sinokap.com
Site Link:

https://it-support-china.com/
Share:
Weixin

2023年9月8号,奇安信CERT监测到Apple官方发布了多个产品高危漏洞,包括两个任意代码执行漏洞,分别是CVE-2023-41064和CVE-2023-41061,这两个漏洞被称为BLASTPASS漏洞利用链,攻击者能够在不与受害者进行任何交互的情况下借助PassKit附件进行利用,从攻击者 iMessage 帐户发送恶意图像给受害者从而执行任意代码。该漏洞利用可能性极高,影响对象数量级高达百万。

图片来源于安全内参

CVE-2023-41064

漏洞描述:

Apple多个产品中存在缓冲区溢出漏洞,攻击者从 iMessage 帐户发送恶意图像给受害者,在不与受害者进行任何交互的情况下执行任意代码。

影响版本:

  • macOS Ventura < 13.5.2

  • iOS < 16.6.1

  • iPadOS < 16.6.1

CVE-2023-41061

漏洞描述:

Apple多个产品中存在逻辑验证错误问题,攻击者借助恶意制作的PassKit附件,在不与受害者进行任何交互的情况下执行任意代码。

影响版本:

  • iOS < 16.6.1

  • iPadOS < 16.6.1

  • watchOS < 9.6.2

安全更新及缓解措施

目前,官方已发布最新版本修复这些漏洞,建议用户尽快更新设备。

更新信息参考:

另外还有一个缓解措施,设备开启锁定模式

锁定模式参考:

Table of Contents

What We Provide
IT Outsourcing Service
Managed IT Service
IT Infrastructure Services
Office Move & Relocation
Network Optimization
VPN Service Support
Data Recovery & Erase
Server Management
Sinokap Tags
ChatGPT Chrome Cisco DNS Employee Training Free Tools IT Solution KDB Microsoft Network News OneDrive OneNote Online Meeting Outlook PC PDF XChange Editor Remote Work SharePoint Teams Technology Troubleshooting WeChat Windows Work Efficiency

How can we help you?

Call Us, Write Us, Or Knock On Our Door. We are here to help. Thanks for contacting us!

 

Contact Us

Recent Posts

How to forward emails to Todoist – Manage your tasks efficiently

How to forward emails to Todoist – Manage your tasks efficiently

Read more

Discover more from Sinokap

Subscribe now to keep reading and get access to the full archive.

Continue reading