Security News > 2023 > May > WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild.
An anonymous researcher has been acknowledged for reporting the other two issues.
It's worth noting that both CVE-2023-28204 and CVE-2023-32373 were patched as part of Rapid Security Response updates - iOS 16.4.1 and iPadOS 16.4.1 - the company released at the start of the month.
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy.
iOS 16.5 and iPadOS 16.5 - iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
iOS 15.7.6 and iPadOS 15.7.6 - iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, and iPod touch macOS Ventura 13.4 - macOS Ventura.
News URL
https://thehackernews.com/2023/05/webkit-under-attack-apple-issues.html
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New GoFetch attack on Apple Silicon CPUs can steal crypto keys (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-32373 | Use After Free vulnerability in multiple products A use-after-free issue was addressed with improved memory management. | 8.8 |
| 2023-06-23 | CVE-2023-28204 | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 6.5 |