New Vulnerabilities in Apple Products Exploited in the Wild

Share :

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS, iPadOS, and watchOS products. These vulnerabilities can be exploited with a maliciously crafted attachment or image which leads to arbitrary code execution.  

Vulnerability  Description  Impacted Products 
CVE-2023-41064  A Buffer Overflow vulnerability where processing a maliciously crafted image may lead to arbitrary code execution.  macOS, iOS, iPadOS 
CVE-2023-41061  A Validation Issue where a maliciously crafted attachment may result in arbitrary code execution.  watchOS, iOS, iPadOS 


Citizen Lab observed these two vulnerabilities being exploited in the wild in a zero-click exploit chain named BLASTPASS to deploy Pegasus, a spyware developed by the Israeli based NSO group to gather information from mobile devices. In the past, NSO group has supplied foreign governments with Pegasus to target government officials, journalists, embassy workers, and other industries. No further technical details have been shared in regard to the specifics of this exploitation chain at this time. 

MacOS and iOS can be an attractive target for threat actors to target with spyware as these devices can hold sensitive company data, especially in organizations with a Bring Your Own Device (BYOD) policy where security updates may not be enforced.  


Upgrade Apple Products to Fixed Version 

Arctic Wolf strongly recommends upgrading MacOS to MacOS Ventura 13.5.2. The update can be performed on an Apple Mac device by going to System Settings > Software Update.  

Arctic Wolf also recommends ensuring that iPhone and iPad devices with company data are updated with their respective updates to iOS 16.6.1 and iPadOS 16.6.1 by going to Settings > General > Software Update. 

Note: Citizen Lab urges all at-risk users to enable Lockdown mode as this has been confirmed by Apple’s Security Engineering and Architecture team that Lockdown Mode blocks this particular attack. 

Please follow your organization’s patching and testing guidelines to avoid operational impact. 


  1. Apple MacOS Ventura 13.5.2 Advisory
  2. Apple iOS 16.6.1 and iPadOS 16.6.1 Advisory
  3. Apple watchOS 9.6.2 Advisory 
  4. Citizen Lab Report
  5. U.S Department of Commerce Adds NSO Group to Entity List 
Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Subscribe to our Monthly Newsletter