This means part of the memory was storing too much data, and so started storing it in the wrong place, which can cause problems. It also means that devices running that software were vulnerable to attack, because the tech giant had not released a patch or security update to fix it.Īpple said that it is aware that both CVE-2023-28206 and CVE-2023-28205 'may have been actively exploited' prior to the release of iOS 16.4.1, macOS Ventura 13.3.1 and iPadOS 16.4.1.ĬVE-2023-28206 was an 'out-of-bounds write issue' within the IOSurfaceAccelerator, a part of the software which manages pixel data.
The vulnerabilities, dubbed CVE-2023-28206 and CVE-2023-28205, are what's known as 'zero-day' flaws, which means they were unknown to Apple when the software was deployed. It could even allow them to gain control of other devices connected to the network, or internet, that the original was connected to. This code could give them access to private data, let them gain control over the device's functionality and allow them to install malware.
0 kommentar(er)
