Security News > 2023 > March > Apple fixes recently disclosed WebKit zero-day on older iPhones
Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," Apple describes the zero-day.
While the CVE-2023-23529 zero-day was likely only used in targeted attacks, it's highly advised to install today's security updates as soon as possible to block potential attack attempts targeting users of iPhone and iPad devices running older software.
In January, Apple also backported patches for a remotely exploitable zero-day flaw to older iPhones and iPads.
Apple fixes new WebKit zero-day exploited to hack iPhones, Macs.
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-27 | CVE-2023-23529 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |