Artificial Inteligence
Development
February 05, 2025
Apple frequently addresses security flaws in its products to protect user privacy and data. Two recent Common Vulnerabilities and Exposures (CVEs), CVE-2023-23512 and CVE-2023-35990, affect various Apple operating systems, exposing users to potential risks. In this article, we’ll cover these vulnerabilities, their impacts, and the mitigations available to users.
Affected Systems: macOS Ventura
Impact: This issue allows a denial-of-service (DoS) condition to occur when a user visits a maliciously crafted website
Mitigation: Apple addressed this issue in an update for macOS Ventura by enhancing memory handling in WebKit. To protect against this vulnerability, users should update their operating system to the latest version where the patch has been applied. Regularly updating the operating system helps secure devices from such vulnerabilities.
Affected Systems: iOS, iPadOS, macOS, watchOS (pre-iOS 17, macOS 14, watchOS 10)
Impact: CVE-2023-35990 allows a malicious app to identify other applications installed on a device. This breach of privacy could expose a user’s app installation history, which could lead to more targeted attacks if sensitive information can be inferred from app usage.
Mitigation: Apple has patched this vulnerability in iOS 17, iPadOS 17, macOS 14, and watchOS 10. Users are encouraged to upgrade to these versions to prevent exploitation. Additionally, avoiding suspicious app installations and only granting necessary permissions can minimize exposure to similar vulnerabilities.
Both CVE-2023-23512 and CVE-2023-35990 highlight how critical regular software updates are for maintaining device security. By implementing Apple’s updates, users can mitigate these vulnerabilities and safeguard their data and privacy from potential exploits.
For more detailed technical information, you can review the advisories from Apple Support and CVE documentation resources.
Sources:
