Apple this week is rolling out patches to iPhone and Mac users to address a new WebKit flaw that hackers are said to be exploiting in the wild.
The vulnerability, tracked as CVE-2023-23529, is a new type confusion issue in the web-rendering WebKit engine used by all Apple products.
According to the advisory, the bug can be exploited to compromise vulnerable iPhones, iPads and Macs by “processing maliciously crafted web content.”
In plain English, an attacker can gain a foothold on the target device simply by sending the victim a malicious URL.
“Apple is aware of a report that this issue may have been actively exploited,” according to the Cupertino tech giant.
The company repeats the statement in three separate advisories targeting iOS and macOS users.
iPhone and iPad users are offered iOS 16.3.1 and iPadOS 16.3.1, while Mac users are instructed to update to macOS Ventura 13.2.1 to stifle the bug.
Mac users who aren’t yet ready to update their OS version outright can address the issue by simply updating their Safari browser – the WebKit harborage – to version 16.3.1.
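The fixed versions above can be turned into a quick fleet check. The following is an added example, not code from Apple or Bitdefender: it triages a device inventory against the versions named in this article, counting the Safari-only route for Macs alone. The record layout (host, platform, os, safari), the function names and the sample inventory are assumptions constructed for illustration, and versions are assumed to be plain dotted numbers.

```python
# Added example: triage an inventory export against the fixed versions named
# in the article. Record fields and sample data are constructed assumptions.

FIXED_OS = {"ios": (16, 3, 1), "ipados": (16, 3, 1), "macos": (13, 2, 1)}
FIXED_SAFARI = (16, 3, 1)  # Safari-only route, offered to Mac users in the article


def parse_version(text):
    """Turn '16.3.1' into (16, 3, 1); pad so that '16.3' compares as 16.3.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def status(device):
    """Classify one inventory record against the fixed versions."""
    platform = device["platform"].lower()
    if platform not in FIXED_OS:
        return "unknown-platform"
    # Compare as integer tuples: a plain string compare would rank "13.10" below "13.2.1".
    if parse_version(device["os"]) >= FIXED_OS[platform]:
        return "patched-os"
    safari = device.get("safari")
    # The Safari update is only described as an alternative for Macs.
    if platform == "macos" and safari and parse_version(safari) >= FIXED_SAFARI:
        return "patched-safari"
    return "needs-update"


def triage(inventory):
    """Map each host name to its patch status."""
    return {d["host"]: status(d) for d in inventory}


# Constructed sample inventory, not real data ("13.10" is a made-up version
# included to exercise the numeric comparison).
INVENTORY = [
    {"host": "iphone-01", "platform": "iOS", "os": "16.3"},
    {"host": "ipad-02", "platform": "iPadOS", "os": "16.3.1"},
    {"host": "mac-03", "platform": "macOS", "os": "13.2", "safari": "16.3.1"},
    {"host": "mac-04", "platform": "macOS", "os": "13.10", "safari": "16.3"},
    {"host": "mac-05", "platform": "macOS", "os": "13.1", "safari": "16.2"},
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```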
CVE-2023-23529, reported to Apple by an anonymous researcher, is the first zero-day flaw patched in iOS and macOS this year.
Apple has been increasingly sending out emergency / out-of-band updates to its user base in recent times, as more and more security bugs are seen actively exploited on iOS and macOS in the wild.
Last year, Bitdefender warned that keeping iPhones up to date had become of critical importance, as spyware threats increasingly find their way onto vulnerable devices – with little, and sometimes no, input from the victim.
Bitdefender Mobile Security offers powerful protection against cyber threats targeting iOS with minimal impact on device performance and battery life.
Bitdefender Antivirus for Mac offers real-time protection against all desktop-facing threats on macOS, including ransomware.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.