Apple releases fix WebKit zero-day vulnerability

Apple releases fix WebKit zero-day vulnerability

Apple on 13th February 2023, released a fix for zero-day vulnerability in iPads, Macs and iPhones.

The WebKit misunderstanding flaw that was patched under the name CVE-2023-23529 might be used to cause OS crashes and grant code execution on compromised devices. After accessing a malicious web page, successful exploitation allows attackers to launch any code on devices running vulnerable versions of iOS, iPadOS, and macOS (the bug also impacts Safari 16.3.1 on macOS Big Sur and Monterey).

Impact Devices:
  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air 3rd generation and later
  • iPad 5th generation and later
  • iPad mini 5th generation and later
  • macOS Big Sur and macOS Monterey
Impact

Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Recommendation

Although it is likely that this zero-day bug was only employed in targeted assaults, it is nonetheless strongly advised to apply the emergency patches right once to prevent potential attack efforts.

Source

https://www.bleepingcomputer.com/news/security/apple-fixes-new-webkit-zero-day-exploited-to-hack-iphones-macs/

https://support.apple.com/en-us/HT201222

Recently

Broken Authentication vulnerability in Jira Service Management

© 2021 BY CYBER LABS SERVICES (PVT) LTD

[email protected]

Sri Lanka Office:
No: 57/3 Flower Road, Colombo 07, Sri Lanka.

Melbourne Office:
No 08, Cubbie way Clyde, North Victoria 3978