Wednesday, December 18, 2024
HomeCyber Security NewsApple WebKit Zero-Day Vulnerability Exploited to Hack iPhones, iPads, and Macs

Apple WebKit Zero-Day Vulnerability Exploited to Hack iPhones, iPads, and Macs

Published on

SIEM as a Service

As a result of a new zero-day vulnerability found in Apple products that can be exploited in hacking attacks, Apple has recently released an emergency security update. Here below we have mentioned the devices that are vulnerable:-

  • iPhones
  • iPads
  • Macs

This discovered vulnerability has been identified as CVE-2023-23529, and the vulnerability is categorized as a WebKit confusion issue, which may lead to the exploitation of compromised devices by triggering operating system crashes and gaining code execution. 

Exploitation of Vulnerability

The vulnerability is zero-day, meaning it has not been previously identified or publicly disclosed. The CVE-2023-23529 vulnerability is particularly concerning due to its potential to cause significant damage to compromised devices. 

- Advertisement - SIEM as a Service

If exploited, the vulnerability could enable an attacker to execute arbitrary code on the device, resulting in unauthorized access and the potential loss of sensitive data.

The exploitation of this vulnerability occurs when a user opens a malicious web page, which triggers the execution of arbitrary code. It has also been found that the vulnerability affects Safari 16.3.1 on macOS Big Sur and Monterey.

Affected Devices

It is believed that this vulnerability has been actively exploited, and Apple is aware of such a report. The CVE-2023-23529 was addressed by Apple by improving the checks in the following areas:-

  • iOS 16.3.1
  • iPadOS 16.3.1
  • macOS Ventura 13.2.1

Since the bug affects both older and newer models, so, the list of devices that are affected is quite extensive, and here below we have mentioned a few of them:-

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd gen and later
  • iPad 5th gen and later
  • iPad mini 5th gen and later
  • Macs running macOS Ventura

Apple also recently announced that they have fixed a kernel use after a free vulnerability that is tracked as CVE-2023-23514, in their latest security update. This flaw was reported by two security researchers, Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.

A potential impact of this flaw would be the implementation of arbitrary code on a Mac or iPhone with kernel privileges.

Apple’s First zero-day Patch of the Year

Despite the company’s acknowledgment of the existence of in-the-wild exploitation reports, it has refrained from releasing any information related to these attacks. The company has not disclosed any details regarding the type of exploitation, and the extent of damage caused.

Apple’s decision to limit access to information regarding the zero-day vulnerability is likely a measure taken to provide as many users as possible with the opportunity to update their devices before cyber attackers can exploit the security flaw.

The company’s actions reflect a commitment to maintaining a high level of security and privacy for its users.

Although the zero-day vulnerability may have only been utilized in specific targeted attacks, it is strongly recommended that users install the emergency updates as soon as possible to prevent any potential future attempts.

Network Security Checklist – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials

The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing...

INTERPOL Urges to End ‘Pig Butchering’ & Replaces With “Romance Baiting”

INTERPOL has called for the term "romance baiting" to replace "pig butchering," a phrase...

New I2PRAT Malware Using encrypted peer-to-peer communication to Evade Detections

Cybersecurity experts are sounding the alarm over a new strain of malware dubbed "I2PRAT,"...

Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks

 A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials

The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing...

INTERPOL Urges to End ‘Pig Butchering’ & Replaces With “Romance Baiting”

INTERPOL has called for the term "romance baiting" to replace "pig butchering," a phrase...

New I2PRAT Malware Using encrypted peer-to-peer communication to Evade Detections

Cybersecurity experts are sounding the alarm over a new strain of malware dubbed "I2PRAT,"...