As a result of a new zero-day vulnerability found in Apple products that can be exploited in hacking attacks, Apple has recently released an emergency security update. Here below we have mentioned the devices that are vulnerable:-
This discovered vulnerability has been identified as CVE-2023-23529, and the vulnerability is categorized as a WebKit confusion issue, which may lead to the exploitation of compromised devices by triggering operating system crashes and gaining code execution.
The vulnerability is zero-day, meaning it has not been previously identified or publicly disclosed. The CVE-2023-23529 vulnerability is particularly concerning due to its potential to cause significant damage to compromised devices.
If exploited, the vulnerability could enable an attacker to execute arbitrary code on the device, resulting in unauthorized access and the potential loss of sensitive data.
The exploitation of this vulnerability occurs when a user opens a malicious web page, which triggers the execution of arbitrary code. It has also been found that the vulnerability affects Safari 16.3.1 on macOS Big Sur and Monterey.
It is believed that this vulnerability has been actively exploited, and Apple is aware of such a report. The CVE-2023-23529 was addressed by Apple by improving the checks in the following areas:-
Since the bug affects both older and newer models, so, the list of devices that are affected is quite extensive, and here below we have mentioned a few of them:-
Apple also recently announced that they have fixed a kernel use after a free vulnerability that is tracked as CVE-2023-23514, in their latest security update. This flaw was reported by two security researchers, Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.
A potential impact of this flaw would be the implementation of arbitrary code on a Mac or iPhone with kernel privileges.
Despite the company’s acknowledgment of the existence of in-the-wild exploitation reports, it has refrained from releasing any information related to these attacks. The company has not disclosed any details regarding the type of exploitation, and the extent of damage caused.
Apple’s decision to limit access to information regarding the zero-day vulnerability is likely a measure taken to provide as many users as possible with the opportunity to update their devices before cyber attackers can exploit the security flaw.
The company’s actions reflect a commitment to maintaining a high level of security and privacy for its users.
Although the zero-day vulnerability may have only been utilized in specific targeted attacks, it is strongly recommended that users install the emergency updates as soon as possible to prevent any potential future attempts.
Network Security Checklist – Download Free E-Book
Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…
A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…
Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…
A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…