Security News > 2023 > March > Apple fixes recently disclosed WebKit zero-day on older iPhones

Apple fixes recently disclosed WebKit zero-day on older iPhones
2023-03-27 19:40

Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads.

"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," Apple describes the zero-day.

While the CVE-2023-23529 zero-day was likely only used in targeted attacks, it's highly advised to install today's security updates as soon as possible to block potential attack attempts targeting users of iPhone and iPad devices running older software.

In January, Apple also backported patches for a remotely exploitable zero-day flaw to older iPhones and iPads.

Apple fixes new WebKit zero-day exploited to hack iPhones, Macs.

Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-recently-disclosed-webkit-zero-day-on-older-iphones/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-02-27 CVE-2023-23529 Type Confusion vulnerability in Apple products
A type confusion issue was addressed with improved checks.
network
low complexity
apple CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349
Webkit 2 0 1 6 0 7