Apple splats zero-day bug, other gremlins in macOS, iOS

Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited.
Apple's advisory says the company "is aware of a report that this issue may have been actively exploited." It credits an anonymous researcher for reporting the bug, and its iOS advisory also acknowledges "The Citizen Lab at The University of Toronto's Munk School for their assistance."
Citizen Lab has a history of documenting vulnerabilities in Apple software that have been exploited by government authorities using commercial spyware like NSO Group's Pegasus.
Apple did not immediately respond on the record to a request to comment about whether this zero-day is being exploited by commercial spyware customers.
Apple provides few details about its fix beyond noting that it addressed a privacy issue in the Shortcuts component by improving how the operating system handles temporary files.
In January, Apple backported a fix from last year for a WebKit flaw under active exploitation to iPhone 5 and similarly outdated devices running iOS 12.5.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/15/apple_patches_zeroday_vulnerability/