Security News > 2023 > February > Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.
It's not immediately clear as to how the vulnerability is being exploited in real-world attacks, but it's the second actively abused type confusion flaw in WebKit to be patched by Apple after CVE-2022-42856 in as many months, which was closed in December 2022.
WebKit flaws are also notable for the fact that they impact every third-party web browser that's available for iOS and iPadOS owing to Apple's restrictions that require browser vendors to use the same rendering framework.
Separately, the latest macOS update also plugs a privacy defect in Shortcuts that a malware-laced app can take advantage of to "Observe unprotected user data." The problem, Apple noted, was fixed with improved handling of temporary files.
Users are advised to update to iOS 16.3.1, iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari 16.3.1 to mitigate potential risks.
Macs running macOS Ventura, macOS Big Sur, and macOS Monterey.
News URL
https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Oracle warns that macOS 14.4 update breaks Java on Apple CPUs (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- New GoFetch attack on Apple Silicon CPUs can steal crypto keys (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-15 | CVE-2022-42856 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved state handling. | 8.8 |