September 21, 2023

Earlier this week, Apple has shipped emergency patches to address a new actively exploited zero-day vulnerability impacting iOS, iPadOS, and macOS.

The flaw tracked as CVE-2023-23529  is a type of confusion issue in WebKit. An attacker can achieve arbitrary code execution by tricking the victims into visiting maliciously crafted web content.

This bug marks as the first zero-day vulnerability addressed by Apple in 2023 and it is aware of a report that this issue may have been actively exploited.

Advertisements

The impacted devices are as follows

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Ventura.

Apple addressed the CVE-2023-23529 flaw with the release of iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.

Apple also fixed a use after free issue, tracked as CVE-2023-23514, that resides in the kernel. The vulnerability was addressed with improved memory management.

As usual, Apple did not share details about the attacks in the wild exploiting this flaw.

Tags:

Leave a Reply

You may have missed

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023

Microsoft AI exposed terabytes of data accidentally

September 19, 2023
%d bloggers like this: