Security News > 2023 > April > Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari
Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild.
Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it's aware the bugs "May have been actively exploited."
The updates are available in version iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1.
iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Apple has patched three zero-days since the start of the year.
In February, Apple addressed another actively exploited zero-day in WebKit that could result in arbitrary code execution.
News URL
https://thehackernews.com/2023/04/apple-releases-updates-to-address-zero.html
Related news
- Apple backports fix for RTKit iOS zero-day to older iPhones (source)
- Apple backports iOS zero-day patch, adds Bluetooth tracker alert (source)
- Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own (source)
- Apple backports fix for zero-day exploited in attacks to older iPhones (source)
- Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android (source)
- Apple wasn’t storing deleted iOS photos in iCloud after all (source)
- Apple iOS 18 Cheat Sheet: Release Date, RCS Integration and More (source)
- Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-10 | CVE-2023-28205 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 8.8 |