Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)
2023-05-19 11:13

Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that "May have been actively exploited."

The notes accompanying the updates also revealed that Apple's first Rapid Security Response update, which was pushed out earlier this month, contained fixes for two WebKit 0-days.

CVE-2023-28204 and CVE-2023-32373 can be triggered by WebKit - the browser engine that powers Safari and all web browsers on iOS and iPadOS - processing specially crafted web content.

Details about the attacks in which these last WebKit zero-days are being exploited are also undisclosed, since Apple is famously tight-lipped when it comes to sharing those.

Fixes for the three WebKit zero-days are not present in the older macOS versions, but the Safari update has them.

The Rapid Security Response updates are also only available for the latest macOS, iOS and iPadOS versions, which is another reason why users of older versions should apply these latest updates as quickly as possible.


News URL

https://www.helpnetsecurity.com/2023/05/19/cve-2023-28204-cve-2023-32373-cve-2023-32409/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2023-06-23 | CVE-2023-32409 | Unspecified vulnerability in Apple products | The issue was addressed with improved bounds checks. | network | low complexity | apple | 8.6 |
| 2023-06-23 | CVE-2023-32373 | Use After Free vulnerability in multiple products | A use-after-free issue was addressed with improved memory management. | network | low complexity | apple redhat webkitgtk CWE-416 | 8.8 |
| 2023-06-23 | CVE-2023-28204 | Out-of-bounds Read vulnerability in multiple products | An out-of-bounds read was addressed with improved input validation. | network | low complexity | apple webkitgtk CWE-125 | 6.5 |

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Apple | 68 | 212 | 1433 | 2208 | 257 | 4110 |
| Webkit | 2 | 0 | 1 | 6 | 0 | 7 |