Apple has released security updates to fix a zero-day bug (CVE-2023-23529) that was actively exploited on older iPhones and iPads. The vulnerability is a WebKit type confusion issue that allows attackers to trigger OS crashes and execute arbitrary code on compromised iOS and iPadOS devices.
Attackers can exploit the bug by tricking victims into opening malicious web pages. The bug also affects Safari 16.3.1 on macOS Big Sur and Monterey.
Furthermore, Apple has fixed the zero-day vulnerability in iOS 15.7.4 and iPadOS 15.7.4 with improved checks. The affected devices include iPhone 6s and 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) devices.
The company has not published any information regarding the incidents of exploitation. Restricting access to technical details gives as many users as possible time to secure their devices and slows down attackers’ efforts to develop and deploy additional exploits targeting vulnerable devices.
Additionally, in January, Apple backported patches for a remotely exploitable zero-day flaw to older iPhones and iPads.
While the CVE-2023-23529 zero-day was likely only used in targeted attacks, users of iPhone and iPad devices running older software are advised to install the security updates as soon as possible to block potential attack attempts.
The company’s swift response to the zero-day bug highlights the importance of keeping devices updated with the latest security patches to protect against emerging threats.