Apple Says Zero Day Vulnerability For iPhones And Macs May Have Been Exploited

The company released updates for iOS, iPadOS and macOS in response to the new vulnerability.

Apple has released security fixes for iPhones, Macs and iPads after the discovery of a new vulnerability affecting the devices, which the company said “may have been actively exploited.”

On Monday, Apple released iOS 16.3.1, iPadOS 16.3.1 and macOS Ventura 13.2.1 in response to the discovery of the WebKit vulnerability, which is being tracked at CVE-2023-23529.

[Related: Apple Patches Another Actively Exploited iOS, iPadOS Zero-Day]

In its notes on the vulnerability, Apple said that “processing maliciously crafted web content may lead to arbitrary code execution.”

“Apple is aware of a report that this issue may have been actively exploited,” the company said.

The flaw affects iPhone models as far back as iPhone 8, Macs running macOS Ventura and numerous iPad models.

The vulnerability has been characterized as a type confusion issue, which was addressed through “improved checks,” Apple said. It was discovered by an anonymous researcher, according to the company.

Apple has not yet provided details about the attacks that may have exploited the vulnerability, which is the first zero day that the company has had to fix in 2023 so far, according to a Bleeping Computer report.

The security fixes also address a kernel vulnerability (CVE-2023-23514) in iOS, iPadOS and macOS Ventura that was discovered by researchers at Google Project Zero, and a shortcuts vulnerability (CVE-2023-23522) in macOS Ventura.