Apple fixes new WebKit zero-day exploited to hack iPhones, Macs

Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs.
The zero-day patched today is tracked as CVE-2023-23529 [1, 2] and is a WebKit type confusion issue that could be exploited to trigger OS crashes and gain code execution on compromised devices.
"Processing maliciously crafted web content may lead to arbitrary code execution," Apple said when describing the zero-day.
Today, Apple also patched a kernel use-after-free flaw reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero that could lead to arbitrary code execution with kernel privileges on Macs and iPhones.
By restricting access to this information, Apple likely wants to allow as many users as possible to update their devices before more attackers pick up on the zero-day's details to develop and deploy their own custom exploits targeting vulnerable iPhones, iPads, and Macs.
Last month, Apple also backported security patches for a remotely exploitable zero-day flaw discovered by Clément Lecigne of Google's Threat Analysis Group to older iPhones and iPads.
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-02-27 | CVE-2023-23529 | Type Confusion vulnerability in Apple products. A type confusion issue was addressed with improved checks. | 8.8