Apple splats zero-day bug, other gremlins in macOS, iOS

Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited.
Apple's advisory says the company "is aware of a report that this issue may have been actively exploited." It credits an anonymous researcher for reporting the bug, and its iOS advisory also acknowledges "The Citizen Lab at The University of Toronto's Munk School for their assistance."
Citizen Lab has a history of documenting vulnerabilities in Apple software that have been exploited by government authorities using commercial spyware like NSO Group's Pegasus.
Apple did not immediately respond on the record to a request to comment about whether this zero-day is being exploited by commercial spyware customers.
Apple provides few details about its fix beyond noting that it addressed the privacy issue in the Shortcuts component by improving how the operating system handles temporary files.
In January, Apple backported a fix from last year for a WebKit flaw under active exploitation to iPhone 5 and similarly outdated devices running iOS 12.5.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/15/apple_patches_zeroday_vulnerability/