Security News > 2023 > May > WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
2023-05-19 03:43

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild.

An anonymous researcher has been acknowledged for reporting the other two issues.

It's worth noting that both CVE-2023-28204 and CVE-2023-32373 were patched as part of Rapid Security Response updates - iOS 16.4.1 and iPadOS 16.4.1 - the company released at the start of the month.

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy.

iOS 16.5 and iPadOS 16.5 - iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

iOS 15.7.6 and iPadOS 15.7.6 - iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch macOS Ventura 13.4 - macOS Ventura.


News URL

https://thehackernews.com/2023/05/webkit-under-attack-apple-issues.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-23 CVE-2023-32373 Use After Free vulnerability in multiple products
A use-after-free issue was addressed with improved memory management.
network
low complexity
apple redhat webkitgtk CWE-416
8.8
2023-06-23 CVE-2023-28204 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was addressed with improved input validation.
network
low complexity
apple webkitgtk CWE-125
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349
Webkit 2 0 1 6 0 7