Security News > 2023 > July > Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)
2023-07-25 09:44

Apple has patched an exploited zero-day kernel vulnerability in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported.

In early July, Apple fixed an actively exploited zero-day vulnerability in WebKit.

The vulnerability has been patched via a Rapid Security Response update in iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1, and in Safari via a regular update, thus also delivering the fix to users of older macOS versions.

The July 24 security updates have fixed a variety of vulnerabilities affecting the various OS releases, including another zero-day vulnerability exploited by attackers.

"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," Apple commented.

Users of Apple devices are advised to implement the latest updates as soon as possible.


News URL

https://www.helpnetsecurity.com/2023/07/25/cve-2023-38606/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-27 CVE-2023-38606 Unspecified vulnerability in Apple products
This issue was addressed with improved state management.
local
low complexity
apple
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349