Security News > 2023 > May > Apple fixes three new zero-days exploited to hack iPhones, Macs

Apple fixes three new zero-days exploited to hack iPhones, Macs
2023-05-18 19:34

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.

Apple addressed the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 with improved bounds checks, input validation, and memory management.

Apple TV 4K and Apple TV HD. The company also revealed that CVE-2023-28204 and CVE-2023-32373 were first addressed with the Rapid Security Response patches for iOS 16.4.1 and macOS 13.3.1 devices issued on May 1.

While Apple says it's aware that the three zero-days patched today are under exploitation, it didn't share any information regarding these attacks.

In April, Apple fixed two other zero-days part of in-the-wild exploit chains of Android, iOS, and Chrome zero-day and n-day vulnerabilities, abused to deploy commercial spyware on the devices of high-risk targets worldwide.

In February, Apple addressed one more WebKit zero-day exploited in attacks to gain code execution on vulnerable iPhones, iPads, and Macs.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-three-new-zero-days-exploited-to-hack-iphones-macs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-23 CVE-2023-32373 Use After Free vulnerability in multiple products
A use-after-free issue was addressed with improved memory management.
network
low complexity
apple redhat webkitgtk CWE-416
8.8
2023-06-23 CVE-2023-28204 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was addressed with improved input validation.
network
low complexity
apple webkitgtk CWE-125
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349