Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.
Tracked as CVE-2023-23529, the issue is a type confusion bug in the WebKit browser engine that could be triggered when processing maliciously crafted web content, culminating in arbitrary code execution.
The iPhone maker said it addressed the bug with improved checks, adding that it is “aware of a report that this issue may have been actively exploited.” It has credited an anonymous researcher with reporting the flaw.
It’s not immediately clear how the vulnerability is being exploited in real-world attacks. WebKit flaws are also notable because they impact every third-party web browser available for iOS and iPadOS, owing to Apple’s restrictions that require browser vendors to use the same rendering framework.
We advise users to update to iOS 16.3.1, iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari 16.3.1 to mitigate potential risks.