Security News > 2023 > July > Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari
Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.
The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content.
Credited with discovering and reporting the flaw is an anonymous researcher.
Apple noted in a terse advisory that it's "Aware of a report that this issue may have been actively exploited."
Apple has addressed 10 zero-day vulnerabilities in its software since the start of 2023.
It also arrives weeks after the company rolled out patches to fix three zero-days, two of which have been weaponized by unidentified actors in connection with an espionage campaign called Operation Triangulation.
News URL
https://thehackernews.com/2023/07/apple-issues-urgent-patch-for-zero-day.html
Related news
- Apple backports iOS zero-day patch, adds Bluetooth tracker alert (source)
- Apple backports fix for RTKit iOS zero-day to older iPhones (source)
- Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- CrushFTP warns users to patch exploited zero-day “immediately” (source)
- Apple's 'incredibly private' Safari is not so private in Europe (source)
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Apple backports fix for zero-day exploited in attacks to older iPhones (source)
- Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-27 | CVE-2023-37450 | Unspecified vulnerability in Apple products The issue was addressed with improved checks. | 8.8 |