December 9, 2023

Apple has released patches for three new zero-day vulnerabilities that are actively exploited in attacks in the wild affecring iPhones, Macs, and iPads.

The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the WebKit browser engine. Below are the details of the three issues:

  • CVE-2023-32409 – A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. Though Apple did not provide details about the attacks, and the three issues were likely exploited in attacks conducted by nation-state actors or by surveillance firms.
  • CVE-2023-28204 – Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
  • CVE-2023-32373 – Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Advertisements

Apple is aware of a report that this issue may have been actively exploited and released iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, Safari 16.5, and macOS Ventura 13.4 to address the issues.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023
%d