Apple fixes new WebKit zero-day exploited to hack iPhones, Macs

Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs.

The zero-day patched today is tracked as CVE-2023-23529 [12] and is a WebKit confusion issue that could be exploited to trigger OS crashes and gain code execution on compromised devices.

Successful exploitation enables attackers to execute arbitrary code on devices running vulnerable iOS, iPadOS, and macOS versions after opening a malicious web page (the bug also impacts Safari 16.3.1 on macOS Big Sur and Monterey).

“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said when describing the zero-day.

“Apple is aware of a report that this issue may have been actively exploited.”

Apple addressed CVE-2023-23529 with improved checks in iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.

The complete list of impacted devices is quite extensive, as the bug affects older and newer models, and it includes:

  • iPhone 8 and later
  • iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Macs running macOS Ventura
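
For fleet triage against the fixed releases named above (iOS 16.3.1, iPadOS 16.3.1, macOS Ventura 13.2.1), the following is an added example, not code from Apple or from the original article. The CSV layout, hostnames and status labels are constructed assumptions; devices on an older major release are marked for review because the article names no fixed build for them.

```python
import csv
import io

# Fixed releases named in the article for CVE-2023-23529.
FIXED = {"iOS": (16, 3, 1), "iPadOS": (16, 3, 1), "macOS": (13, 2, 1)}

# Constructed sample inventory (hypothetical export format, not a real MDM schema).
SAMPLE_INVENTORY = """hostname,os,version
ceo-iphone,iOS,16.3
lab-ipad,iPadOS,16.3.1
dev-mbp,macOS,13.2
build-mini,macOS,13.2.1
old-imac,macOS,12.6.3
kiosk-ipad,iPadOS,16.4
test-phone,iOS,sixteen
"""


def parse_version(text):
    """Turn '16.3' into (16, 3, 0); raise ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))


def classify(os_name, version_text):
    """Return 'patched', 'needs-update' or 'review' for one device."""
    fixed = FIXED.get(os_name)
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"  # unparseable version string: a human should look
    if fixed is None or version[0] < fixed[0]:
        # Unknown platform, or an older major release with no fixed build
        # named in the article: do not guess, flag for manual review.
        return "review"
    return "patched" if version >= fixed else "needs-update"


def triage(inventory_csv):
    """Map hostname -> status for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["os"], r["version"]) for r in rows}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```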

Today, Apple also patched a kernel use-after-free flaw (CVE-2023-23514) reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero that could lead to arbitrary code execution with kernel privileges on Macs and iPhones.

First zero-day patched by Apple this year

Although the company disclosed that it's aware of in-the-wild exploitation reports, it has yet to publish information regarding these attacks.

By restricting access to this information, Apple likely wants to allow as many users as possible to update their devices before more attackers pick up on the zero-day’s details to develop and deploy their own custom exploits targeting vulnerable iPhones, iPads, and Macs.

While this zero-day bug was likely only used in targeted attacks, installing today’s emergency updates as soon as possible is highly recommended to block potential attack attempts.

Last month, Apple also backported security patches for a remotely exploitable zero-day flaw discovered by Clément Lecigne of Google’s Threat Analysis Group to older iPhones and iPads.
