Vulnerability Alert: Apple Patches Two Vulnerabilities, Including a Zero-Day

leadership team 2024

By Michelle Drolet

Founder & CEO

Michelle is a prominent leader in data security preparedness, renowned for her extensive expertise i

Read More

Apple Patches Two Vulnerabilities Including a Zero Day

What You Need to Know:

In response to attacks aimed at hacking iPhones, iPads, and Macs, Apple issued urgent security updates that address two vulnerabilities, one of which is a zero-day vulnerability.

The first vulnerability, tracked as CVE-2023-23529 [1,2], is a WebKit confusion zero-day that can lead to OS crashes and the execution of arbitrary code on compromised devices. This vulnerability can be exploited by opening a malicious web page and affects versions of iOS, iPadOS, and macOS, including Safari 16.3.1. The WebKit vulnerability is being exploited in the wild, but it is not clear as to how the vulnerability is being exploited in attacks. WebKit flaws impact every third-party web browser that is available for iOS and iPadOS due to Apple’s restrictions that require browser vendors to use the same rendering framework.

The second vulnerability is tracked as CVE-2023-23514 and is a kernel use after free flaw that can also result in the execution of arbitrary code with kernel privileges on Macs and iPhones. This vulnerability could allow a rogue app to execute arbitrary code with the highest privileges.

To minimize potential risks, it is recommended that users update to iOS 16.3.1, iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari 16.3.1. Updates are available for iPhone 8 and newer, iPad Pro (all versions), iPad Air 3rd generation and newer, iPad 5th generation and newer, and iPad mini 5th generation and newer. Additionally, the updates are available for Macs that are operating on macOS Ventura, macOS Big Sur, and macOS Monterey.

 Towerwall Recommendations:

Indicators of Compromise (IoCs):

At this time, there are no known IoCs associated with CVE-2023-23514 and CVE-2023-23529

Supporting Documentation:

 

If you have any questions about this vulnerability or your information security needs, please contact us directly at 774-204-0700.