March 28, 2023

Earlier this week, Apple has shipped emergency patches to address a new actively exploited zero-day vulnerability impacting iOS, iPadOS, and macOS.

The flaw tracked as CVE-2023-23529  is a type of confusion issue in WebKit. An attacker can achieve arbitrary code execution by tricking the victims into visiting maliciously crafted web content.

This bug marks as the first zero-day vulnerability addressed by Apple in 2023 and it is aware of a report that this issue may have been actively exploited.

Advertisements

The impacted devices are as follows

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Ventura.

Apple addressed the CVE-2023-23529 flaw with the release of iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.

Apple also fixed a use after free issue, tracked as CVE-2023-23514, that resides in the kernel. The vulnerability was addressed with improved memory management.

As usual, Apple did not share details about the attacks in the wild exploiting this flaw.

Tags:

Leave a Reply

You may have missed

Apple Backports ZeroDay Patches for older devices

Apple Backports ZeroDay Patches for older devices

March 28, 2023
Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
%d bloggers like this: