Apple has released emergency security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-23529, that impacts iOS, iPadOS, and macOS. The flaw is a type confusion issue in WebKit that was addressed by the IT giant with improved checks.
An attacker can achieve arbitrary code execution by tricking the victims into visiting maliciously crafted web content.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by Apple.
This is the first zero-day vulnerability addressed by Apple in 2023. As usual, Apple did not share details about the attacks in the wild exploiting this flaw.
The flaw impacts iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura.
Apple addressed the CVE-2023-23529 flaw with the release of iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.
The company also fixed a use after free issue, tracked as CVE-2023-23514, that resides in the kernel. The vulnerability was addressed with improved memory management.
“An app may be able to execute arbitrary code with kernel privileges” reads the advisory.
The vulnerability was reported by Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Apple)
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.