Sunday, June 15, 2025
HomeCyber Security NewsApple WebKit Zero-Day Vulnerability Exploited to Hack iPhones, iPads, and Macs

Apple WebKit Zero-Day Vulnerability Exploited to Hack iPhones, iPads, and Macs

Published on

SIEM as a Service

Follow Us on Google News

As a result of a new zero-day vulnerability found in Apple products that can be exploited in hacking attacks, Apple has recently released an emergency security update. Here below we have mentioned the devices that are vulnerable:-

  • iPhones
  • iPads
  • Macs

This discovered vulnerability has been identified as CVE-2023-23529, and the vulnerability is categorized as a WebKit confusion issue, which may lead to the exploitation of compromised devices by triggering operating system crashes and gaining code execution. 

Exploitation of Vulnerability

The vulnerability is zero-day, meaning it has not been previously identified or publicly disclosed. The CVE-2023-23529 vulnerability is particularly concerning due to its potential to cause significant damage to compromised devices. 

- Advertisement - Google News

If exploited, the vulnerability could enable an attacker to execute arbitrary code on the device, resulting in unauthorized access and the potential loss of sensitive data.

The exploitation of this vulnerability occurs when a user opens a malicious web page, which triggers the execution of arbitrary code. It has also been found that the vulnerability affects Safari 16.3.1 on macOS Big Sur and Monterey.

Affected Devices

It is believed that this vulnerability has been actively exploited, and Apple is aware of such a report. The CVE-2023-23529 was addressed by Apple by improving the checks in the following areas:-

  • iOS 16.3.1
  • iPadOS 16.3.1
  • macOS Ventura 13.2.1

Since the bug affects both older and newer models, so, the list of devices that are affected is quite extensive, and here below we have mentioned a few of them:-

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd gen and later
  • iPad 5th gen and later
  • iPad mini 5th gen and later
  • Macs running macOS Ventura

Apple also recently announced that they have fixed a kernel use after a free vulnerability that is tracked as CVE-2023-23514, in their latest security update. This flaw was reported by two security researchers, Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.

A potential impact of this flaw would be the implementation of arbitrary code on a Mac or iPhone with kernel privileges.

Apple’s First zero-day Patch of the Year

Despite the company’s acknowledgment of the existence of in-the-wild exploitation reports, it has refrained from releasing any information related to these attacks. The company has not disclosed any details regarding the type of exploitation, and the extent of damage caused.

Apple’s decision to limit access to information regarding the zero-day vulnerability is likely a measure taken to provide as many users as possible with the opportunity to update their devices before cyber attackers can exploit the security flaw.

The company’s actions reflect a commitment to maintaining a high level of security and privacy for its users.

Although the zero-day vulnerability may have only been utilized in specific targeted attacks, it is strongly recommended that users install the emergency updates as soon as possible to prevent any potential future attempts.

Network Security Checklist – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...