Security News > 2023 > March > Apple fixes recently disclosed WebKit zero-day on older iPhones
Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," Apple describes the zero-day.
While the CVE-2023-23529 zero-day was likely only used in targeted attacks, it's highly advised to install today's security updates as soon as possible to block potential attack attempts targeting users of iPhone and iPad devices running older software.
In January, Apple also backported patches for a remotely exploitable zero-day flaw to older iPhones and iPads.
Apple fixes new WebKit zero-day exploited to hack iPhones, Macs.
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022.
News URL
Related news
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-27 | CVE-2023-23529 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |