The identified flaws, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, include a sandbox escape flaw, an out-of-bounds read flaw enabling access to sensitive information, and a use-after-free vulnerability facilitating arbitrary code execution. Apple’s security advisory disclosed that the company is aware of potential active exploitation of these vulnerabilities. However, specific details about the groups involved or their techniques were withheld to prevent further harm while users update their devices. It remains unknown whether any new malware has been observed in the wild.
