The average time that it takes threat actors to exploit vulnerabilities - either prior to or after their public disclosure - is going down.
The three zero days (CVE-2023-41991, CVE-2023-41992 and CVE-2023-41993) impact various versions of macOS, iOS, iPadOS and watchOS.
Apple has rolled out iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 to address the security flaws.
The actively exploited flaw in Ivanti Endpoint Manager Mobile can be used in conjunction with another zero day addressed last week.
The Microsoft zero-day flaw (CVE-2023-36884) is being leveraged by a Russian-based cybercriminal group in phishing emails sent to defense and government entities in Europe and North America.