September 21, 2023

Earlier this week, Apple has shipped emergency patches to address a new actively exploited zero-day vulnerability impacting iOS, iPadOS, and macOS.

The flaw tracked as CVE-2023-23529  is a type of confusion issue in WebKit. An attacker can achieve arbitrary code execution by tricking the victims into visiting maliciously crafted web content.

This bug marks as the first zero-day vulnerability addressed by Apple in 2023 and it is aware of a report that this issue may have been actively exploited.

Advertisements

The impacted devices are as follows

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • Macs running macOS Ventura.

Apple addressed the CVE-2023-23529 flaw with the release of iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.

Apple also fixed a use after free issue, tracked as CVE-2023-23514, that resides in the kernel. The vulnerability was addressed with improved memory management.

As usual, Apple did not share details about the attacks in the wild exploiting this flaw.

Leave a Reply

%d bloggers like this: