Security News > 2023 > March > Apple fixes recently disclosed WebKit zero-day on older iPhones
Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," Apple describes the zero-day.
While the CVE-2023-23529 zero-day was likely only used in targeted attacks, it's highly advised to install today's security updates as soon as possible to block potential attack attempts targeting users of iPhone and iPad devices running older software.
In January, Apple also backported patches for a remotely exploitable zero-day flaw to older iPhones and iPads.
Apple fixes new WebKit zero-day exploited to hack iPhones, Macs.
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022.
News URL
Related news
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-27 | CVE-2023-23529 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved checks. | 8.8 |