Security News > 2023 > February > Apple fixes new WebKit zero-day exploited to hack iPhones, Macs

Apple fixes new WebKit zero-day exploited to hack iPhones, Macs
2023-02-13 19:18

Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs.

The zero-day patched today is tracked as CVE-2023-23529 [1, 2] and is a WebKit confusion issue that could be exploited to trigger OS crashes and gain code execution on compromised devices.

"Processing maliciously crafted web content may lead to arbitrary code execution," Apple said when describing the zero-day.

Today, Apple also patched a kernel use after free flaw reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero that could lead to arbitrary code with kernel privileges on Macs and iPhones.

By restricting access to this information, Apple likely wants to allow as many users as possible to update their devices before more attackers pick up on the zero-day's details to develop and deploy their own custom exploits targeting vulnerable iPhones, iPads, and Macs.

Last month, Apple also backported security patches for a remotely exploitable zero-day flaw discovered by Clément Lecigne of Google's Threat Analysis Group to older iPhones and iPads.


News URL

https://www.bleepingcomputer.com/news/security/apple-fixes-new-webkit-zero-day-exploited-to-hack-iphones-macs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-02-27 CVE-2023-23529 Type Confusion vulnerability in Apple products
A type confusion issue was addressed with improved checks.
network
low complexity
apple CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349
Webkit 2 0 1 6 0 7