Apple WebKit Zero-Day Vulnerability Exploited to Hack iPhones, iPads, and Macs

As a result of a new zero-day vulnerability found in Apple products that can be exploited in hacking attacks, Apple has recently released an emergency security update. Here below we have mentioned the devices that are vulnerable:-

  • iPhones
  • iPads
  • Macs

This discovered vulnerability has been identified as CVE-2023-23529, and the vulnerability is categorized as a WebKit confusion issue, which may lead to the exploitation of compromised devices by triggering operating system crashes and gaining code execution. 

Exploitation of Vulnerability

The vulnerability is zero-day, meaning it has not been previously identified or publicly disclosed. The CVE-2023-23529 vulnerability is particularly concerning due to its potential to cause significant damage to compromised devices. 

If exploited, the vulnerability could enable an attacker to execute arbitrary code on the device, resulting in unauthorized access and the potential loss of sensitive data.

The exploitation of this vulnerability occurs when a user opens a malicious web page, which triggers the execution of arbitrary code. It has also been found that the vulnerability affects Safari 16.3.1 on macOS Big Sur and Monterey.

Affected Devices

It is believed that this vulnerability has been actively exploited, and Apple is aware of such a report. The CVE-2023-23529 was addressed by Apple by improving the checks in the following areas:-

  • iOS 16.3.1
  • iPadOS 16.3.1
  • macOS Ventura 13.2.1

Since the bug affects both older and newer models, so, the list of devices that are affected is quite extensive, and here below we have mentioned a few of them:-

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd gen and later
  • iPad 5th gen and later
  • iPad mini 5th gen and later
  • Macs running macOS Ventura

Apple also recently announced that they have fixed a kernel use after a free vulnerability that is tracked as CVE-2023-23514, in their latest security update. This flaw was reported by two security researchers, Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.

A potential impact of this flaw would be the implementation of arbitrary code on a Mac or iPhone with kernel privileges.

Apple’s First zero-day Patch of the Year

Despite the company’s acknowledgment of the existence of in-the-wild exploitation reports, it has refrained from releasing any information related to these attacks. The company has not disclosed any details regarding the type of exploitation, and the extent of damage caused.

Apple’s decision to limit access to information regarding the zero-day vulnerability is likely a measure taken to provide as many users as possible with the opportunity to update their devices before cyber attackers can exploit the security flaw.

The company’s actions reflect a commitment to maintaining a high level of security and privacy for its users.

Although the zero-day vulnerability may have only been utilized in specific targeted attacks, it is strongly recommended that users install the emergency updates as soon as possible to prevent any potential future attempts.

Network Security Checklist – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago