Security News > 2023 > May > Apple fixes three new zero-days exploited to hack iPhones, Macs
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.
Apple addressed the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 with improved bounds checks, input validation, and memory management.
Apple TV 4K and Apple TV HD. The company also revealed that CVE-2023-28204 and CVE-2023-32373 were first addressed with the Rapid Security Response patches for iOS 16.4.1 and macOS 13.3.1 devices issued on May 1.
While Apple says it's aware that the three zero-days patched today are under exploitation, it didn't share any information regarding these attacks.
In April, Apple fixed two other zero-days part of in-the-wild exploit chains of Android, iOS, and Chrome zero-day and n-day vulnerabilities, abused to deploy commercial spyware on the devices of high-risk targets worldwide.
In February, Apple addressed one more WebKit zero-day exploited in attacks to gain code execution on vulnerable iPhones, iPads, and Macs.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers (source)
- First Apple-notarized porn app available to iPhone users in Europe (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-32373 | Use After Free vulnerability in multiple products A use-after-free issue was addressed with improved memory management. | 8.8 |
| 2023-06-23 | CVE-2023-28204 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was addressed with improved input validation. | 6.5 |