Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529)
2023-03-28 11:23

Apple has released security updates for - pardon the pop-culture reference - everything everywhere all at once, and has fixed the WebKit vulnerability exploited in the wild for users of older iPhones and iPads.

The most important fix among those delivered, for now, is the one for CVE-2023-23529, a type confusion issue in the WebKit browser engine that can be triggered by maliciously crafted web content and can ultimately allow code execution.

Details about specific attacks exploiting this flaw have yet to be publicly shared, but users of iPhone 6s, 7, SE, iPad Air 2, iPad mini, and iPod touch devices are advised to install the update as soon as possible.

Additional WebKit flaws have been fixed in Safari and macOS Ventura updates.

CVE-2023-27965 was fixed in macOS Ventura and Studio Display's firmware update.

"Apparently, if you're running macOS Ventura and you've hooked your Mac up to a Studio Display, just updating the Ventura operating system itself isn't enough to secure you against potential system-level attacks," noted Paul Ducklin, Sophos Head of Technology for the Asia Pacific region.


News URL

https://www.helpnetsecurity.com/2023/03/28/cve-2023-23529-older-iphones-ipads/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-08 | CVE-2023-27965 | Out-of-bounds Write vulnerability in Apple Macos and Studio Display Firmware. A memory corruption issue was addressed with improved state management. (local; low complexity; apple; CWE-787) | 7.8 |
| 2023-02-27 | CVE-2023-23529 | Type Confusion vulnerability in Apple products. A type confusion issue was addressed with improved checks. (network; low complexity; apple; CWE-843) | 8.8 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Apple | | 135 | 564 | 4102 | 1567 | 2438 | 8671 |
| Webkit | | 3 | 0 | 8 | 3 | 0 | 11 |