Zero-Day Threat Alert: Hackers Target iPhones, iPads, and Macs

Reading Time: 3 Minutes

Apple’s Response to New Zero-Day Vulnerability

Apple has released emergency security updates to address a new zero-day vulnerability used in recent attacks to hack iPhones, iPads, and Macs. The zero-day, tracked as CVE-2023-23529, is a WebKit confusion issue that could lead to OS crashes and code execution on compromised devices.

In response, Apple has improved checks in the latest versions of iOS, iPadOS, and macOS, including iPhone 8 and later, iPad Pro, iPad Air, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura.

In addition to the zero-day vulnerability, Apple has also patched a kernel use after free flaw (CVE-2023-23514) reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.
This flaw could lead to arbitrary code with kernel privileges on Macs and iPhones, making it another critical threat to user security.

Urgent Update Highly Recommended

Although the extent of the zero-day vulnerability’s exploitation is unknown, Apple has stated that they are aware of reports of in-the-wild exploitation. To protect your device and prevent potential attack attempts, it is highly recommended to install today’s emergency updates as soon as possible.

Apple has not released specific information regarding the exploitation of the zero-day vulnerability, likely to allow more users to update their devices before more attackers can develop and deploy their own custom exploits.

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link