Security News > 2023 > May > WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild.
An anonymous researcher has been acknowledged for reporting the other two issues.
It's worth noting that both CVE-2023-28204 and CVE-2023-32373 were patched as part of Rapid Security Response updates - iOS 16.4.1 and iPadOS 16.4.1 - the company released at the start of the month.
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy.
iOS 16.5 and iPadOS 16.5 - iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
iOS 15.7.6 and iPadOS 15.7.6 - iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch macOS Ventura 13.4 - macOS Ventura.
News URL
https://thehackernews.com/2023/05/webkit-under-attack-apple-issues.html
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Zero-days dominate top frequently exploited vulnerabilities (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-23 | CVE-2023-32373 | Use After Free vulnerability in multiple products A use-after-free issue was addressed with improved memory management. | 8.8 |
2023-06-23 | CVE-2023-28204 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was addressed with improved input validation. | 6.5 |