The Latest Zero-Day Vulnerabilities From Apple, Microsoft
The tech giants this week disclosed new vulnerabilities that they said have been exploited in cyberattacks.
Apple: iOS, iPadOS, macOS Vulnerability
On Monday, Apple released security fixes for iPhones, Macs and iPads after the discovery of the new vulnerability affecting the devices, which is being tracked at CVE-2023-23529. The company released iOS 16.3.1, iPadOS 16.3.1 and macOS Ventura 13.2.1 in response to the discovery of the WebKit vulnerability.
In its notes on the WebKit vulnerability, Apple said that it’s “aware of a report that this issue may have been actively exploited.” The flaw affects iPhone models as far back as iPhone 8, Macs running macOS Ventura and numerous iPad models. CISA said it’s urging administrators and users to review the information posted by Apple and “apply the necessary updates as soon as possible.”
The vulnerability has been characterized as a type confusion issue, which was addressed through “improved checks,” Apple said. It was discovered by an anonymous researcher, according to the company.
Further details on the vulnerability have been hard to come by, however. “Little evidence currently exists as to how the vulnerability was exploited, and there appears to be no publicly available exploit code,” wrote Ryan Cribelar, a vulnerability research engineer at Nucleus Security, in a blog post Tuesday.