Zero-Day Threat Alert: Hackers Target iPhones, iPads, and Macs
Reading Time: 3 Minutes
Apple’s Response to New Zero-Day Vulnerability
Apple has released emergency security updates to address a new zero-day vulnerability used in recent attacks to hack iPhones, iPads, and Macs. The zero-day, tracked as CVE-2023-23529, is a WebKit confusion issue that could lead to OS crashes and code execution on compromised devices.
In response, Apple has improved checks in the latest versions of iOS, iPadOS, and macOS, including iPhone 8 and later, iPad Pro, iPad Air, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura.
In addition to the zero-day vulnerability, Apple has also patched a kernel use after free flaw (CVE-2023-23514) reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.
This flaw could lead to arbitrary code with kernel privileges on Macs and iPhones, making it another critical threat to user security.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
Urgent Update Highly Recommended
Although the extent of the zero-day vulnerability’s exploitation is unknown, Apple has stated that they are aware of reports of in-the-wild exploitation. To protect your device and prevent potential attack attempts, it is highly recommended to install today’s emergency updates as soon as possible.
Apple has not released specific information regarding the exploitation of the zero-day vulnerability, likely to allow more users to update their devices before more attackers can develop and deploy their own custom exploits.
Trending: Major Cyber Attacks of 2022
Trending: Recon Tool: SauronEye
Apple Addresses Remotely Exploitable Zero-Day Flaw
This latest security update from Apple follows last month’s backported security patches for a remotely exploitable zero-day flaw discovered by Clément Lecigne of Google’s Threat Analysis Group, which was addressed for older iPhones and iPads.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com