Security News > 2023 > March > Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529)

Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529)
2023-03-28 11:23

Apple has released security updates for - pardon the pop-culture reference - everyhing everywhere all at once, and has fixed the WebKit vulnerability exploited in the wild for users of older iPhones and iPads.

The presently most important fix among those delivered is the one for CVE-2023-23529, a type confusion issue in the WebKit browser engine, which can be triggered by maliciously crafted web content and ultimately allow code execution.

Details about specific attacks exploiting this flaw have yet to be publicly shared, but users of iPhone 6s, 7, SE, iPad Air 2, iPad mini, and iPod touch devices are advised to implement the update as soon as possible.

Additional WebKit flaws have been fixed in Safari and macOS Ventura updates.

CVE-2023-27965 was fixed in macOS Ventura and Studio Display's firmware update.

"Apparently, if you're running macOS Ventura and you've hooked your Mac up to a Studio Display, just updating the Ventura operating system itself isn't enough to secure you against potential system-level attacks," noted Paul Ducklin, Sophos Head of Technology for the Asia Pacific region.


News URL

https://www.helpnetsecurity.com/2023/03/28/cve-2023-23529-older-iphones-ipads/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2023-27965 Out-of-bounds Write vulnerability in Apple Macos and Studio Display Firmware
A memory corruption issue was addressed with improved state management.
local
low complexity
apple CWE-787
7.8
2023-02-27 CVE-2023-23529 Type Confusion vulnerability in Apple products
A type confusion issue was addressed with improved checks.
network
low complexity
apple CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349
Webkit 2 0 1 6 0 7