Security News > 2023 > July > Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content.
Credited with discovering and reporting the flaw is an anonymous researcher.
Apple noted in a terse advisory that it's "Aware of a report that this issue may have been actively exploited."
Apple has addressed 10 zero-day vulnerabilities in its software since the start of 2023.
It also arrives weeks after the company rolled out patches to fix three zero-days, two of which have been weaponized by unidentified actors in connection with an espionage campaign called Operation Triangulation.
News URL
https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-27 | CVE-2023-37450 | The issue was addressed with improved checks. | 8.8 |