Security News > 2023 > April > Apple fixes recently disclosed zero-days on older iPhones and iPads
Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs.
The second zero-day is a WebKit use after free that can let threat actors execute malicious code on compromised iPhones, Macs, or iPads after tricking their targets into loading malicious web pages.
Today, Apple addressed the zero-days in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 by improving input validation and memory management.
iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and Macs running macOS Monterey and Big Sur.
CISA also ordered federal agencies to patch their devices against these two security vulnerabilities, known as being actively exploited in the wild to hack iPhones, Macs, and iPads.
In mid-February, Apple patched another WebKit zero-day that was in attacks to trigger crashes and gain code execution on vulnerable iOS, iPadOS, and macOS devices.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)