Security News > 2023 > May > WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild.
An anonymous researcher has been acknowledged for reporting the other two issues.
It's worth noting that both CVE-2023-28204 and CVE-2023-32373 were patched as part of Rapid Security Response updates - iOS 16.4.1 and iPadOS 16.4.1 - the company released at the start of the month.
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy.
iOS 16.5 and iPadOS 16.5 - iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
iOS 15.7.6 and iPadOS 15.7.6 - iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch macOS Ventura 13.4 - macOS Ventura.
News URL
https://thehackernews.com/2023/05/webkit-under-attack-apple-issues.html
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-32373 | Use After Free vulnerability in multiple products A use-after-free issue was addressed with improved memory management. | 8.8 |
| 2023-06-23 | CVE-2023-28204 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was addressed with improved input validation. | 6.5 |