Earlier this week, Apple shipped emergency patches to address a new actively exploited zero-day vulnerability impacting iOS, iPadOS, and macOS.
The flaw, tracked as CVE-2023-23529, is a type confusion issue in WebKit. An attacker can achieve arbitrary code execution by tricking victims into visiting maliciously crafted web content.
This bug is the first zero-day vulnerability addressed by Apple in 2023, and the company says it is aware of a report that this issue may have been actively exploited.
The impacted devices are as follows:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
- Macs running macOS Ventura
Apple addressed the CVE-2023-23529 flaw with the release of iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.
Apple also fixed a use-after-free issue, tracked as CVE-2023-23514, that resides in the kernel. The vulnerability was addressed with improved memory management.
As usual, Apple did not share details about the attacks in the wild exploiting this flaw.