Apple fixes three new zero-days exploited to hack iPhones, Macs
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.
Apple addressed the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 with improved bounds checks, input validation, and memory management.
Apple TV 4K and Apple TV HD. The company also revealed that CVE-2023-28204 and CVE-2023-32373 were first addressed with the Rapid Security Response patches for iOS 16.4.1 and macOS 13.3.1 devices issued on May 1.
While Apple says it's aware that the three zero-days patched today are under exploitation, it didn't share any information regarding these attacks.
In April, Apple fixed two other zero-days that were part of in-the-wild exploit chains of Android, iOS, and Chrome zero-day and n-day vulnerabilities, abused to deploy commercial spyware on the devices of high-risk targets worldwide.
In February, Apple addressed one more WebKit zero-day exploited in attacks to gain code execution on vulnerable iPhones, iPads, and Macs.
Related news
- Apple backports fix for RTKit iOS zero-day to older iPhones
- Apple: Mercenary spyware attacks target iPhone users in 92 countries
- Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks
- Apple backports iOS zero-day patch, adds Bluetooth tracker alert
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-23 | CVE-2023-32373 | Use After Free vulnerability in multiple products: A use-after-free issue was addressed with improved memory management. | 8.8 |
2023-06-23 | CVE-2023-28204 | Out-of-bounds Read vulnerability in Apple products: An out-of-bounds read was addressed with improved input validation. | 6.5 |