To: All Users
As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Apple recently issued security update notifications for multiple vulnerabilities. Three zero-day vulnerabilities, CVE-2023-32434, CVE-2023-32435 and CVE-2023-32439, are widely exploited. These vulnerabilities are related to the Kernel and WebKit components and could lead to arbitrary code execution.
- Apple Kernel privilege escalation vulnerability (CVE-2023-32434)
Apple Kernel has an integer overflow vulnerability that could be exploited by a local application to execute arbitrary code with kernel privileges.
- Apple WebKit arbitrary code execution vulnerability (CVE-2023-32435 and CVE-2023-32439)
Apple WebKit has vulnerabilities that could cause memory corruption and type confusion. When the WebKit component processes maliciously crafted web content, an attacker could execute arbitrary code on the target device.
Affected Product Versions:
Safari version lower than 16.5.1
iOS and iPadOS versions lower than 16.5.1
iOS and iPadOS versions lower than 15.7.7
macOS Ventura version lower than 13.4.1
macOS Monterey version lower than 12.6.7
macOS Big Sur version lower than 11.7.8
watchOS version lower than 9.5.2
watchOS version lower than 8.8.1
If the above affected products are being used, it is recommended to:
- schedule testing and install security updates released by Apple as soon as possible;
- back up and test your work before updating.
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5)
Telephone : 8822 8600
email : email@example.com
Information and Communication Technology Office