Security News > 2023 > July > Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)
Apple has patched an exploited zero-day kernel vulnerability in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported.
In early July, Apple fixed an actively exploited zero-day vulnerability in WebKit.
The vulnerability has been patched via a Rapid Security Response update in iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1, and in Safari via a regular update, thus also delivering the fix to users of older macOS versions.
The July 24 security updates have fixed a variety of vulnerabilities affecting the various OS releases, including another zero-day vulnerability exploited by attackers.
"Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," Apple commented.
Users of Apple devices are advised to implement the latest updates as soon as possible.
News URL
https://www.helpnetsecurity.com/2023/07/25/cve-2023-38606/
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-27 | CVE-2023-38606 | Unspecified vulnerability in Apple products This issue was addressed with improved state management. | 5.5 |