June 7, 2023

Apple has released patches for three new zero-day vulnerabilities that are actively exploited in attacks in the wild affecring iPhones, Macs, and iPads.

The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the WebKit browser engine. Below are the details of the three issues:

  • CVE-2023-32409 – A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. Though Apple did not provide details about the attacks, and the three issues were likely exploited in attacks conducted by nation-state actors or by surveillance firms.
  • CVE-2023-28204 – Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
  • CVE-2023-32373 – Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Advertisements

Apple is aware of a report that this issue may have been actively exploited and released iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, Safari 16.5, and macOS Ventura 13.4 to address the issues.

Leave a Reply

%d bloggers like this: