Apple fixes recently disclosed WebKit zero-day on older iPhones

Gandalf_The_Grey

Level 75
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,446
Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads.

The vulnerability (CVE-2023-23529) is a WebKit type confusion issue that the company fixed on newer iPhone and iPad devices on February 13, 2023.

Potential attackers can use it to trigger OS crashes and gain code execution on compromised iOS and iPadOS devices following successful exploitation.

The threat actors can then execute arbitrary code on the targeted iPhones and iPads after tricking the victims into opening malicious web pages (this bug also impacts Safari 16.3.1 on macOS Big Sur and Monterey).

"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," Apple describes the zero-day. "Apple is aware of a report that this issue may have been actively exploited."

Apple has also addressed the zero-day in iOS 15.7.4 and iPadOS 15.7.4 today with improved checks.

The list of impacted devices includes iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) devices.
 
F

ForgottenSeer 98186

Apple such a champ. Still giving security updates for 10 year old iPhone 6.

iPhones are the only good value on the mobile phone market.
 
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top