Apple fixes three new zero-days exploited to hack iPhones, Macs (May 2023)
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.
Apple addressed the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 with improved bounds checks, input validation, and memory management.
Apple TV 4K and Apple TV HD. The company also revealed that CVE-2023-28204 and CVE-2023-32373 were first addressed with the Rapid Security Response patches for iOS 16.4.1 and macOS 13.3.1 devices issued on May 1.
While Apple says it's aware that the three zero-days patched today are under exploitation, it didn't share any information regarding these attacks.
In April, Apple fixed two other zero-days that were part of in-the-wild exploit chains combining Android, iOS, and Chrome zero-day and n-day vulnerabilities, which were abused to deploy commercial spyware on the devices of high-risk targets worldwide.
In February, Apple addressed one more WebKit zero-day exploited in attacks to gain code execution on vulnerable iPhones, iPads, and Macs.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-23 | CVE-2023-32373 | Use After Free vulnerability in multiple products: a use-after-free issue was addressed with improved memory management. | 8.8 |
2023-06-23 | CVE-2023-28204 | Out-of-bounds Read vulnerability in multiple products: an out-of-bounds read was addressed with improved input validation. | 6.5 |