
Apple’s iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

by crpt os


Feb 14, 2023 | Ravie Lakshmanan | Device Security / Zero Day

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild.

Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution.

The iPhone maker said the bug was addressed with improved checks, adding it’s “aware of a report that this issue may have been actively exploited.” An anonymous researcher has been credited with reporting the flaw.

It’s not immediately clear how the vulnerability is being exploited in real-world attacks, but it’s the second actively abused type confusion flaw in WebKit that Apple has patched in as many months, after CVE-2022-42856, which was closed in December 2022.

WebKit flaws are also notable for the fact that they impact every third-party web browser that’s available for iOS and iPadOS owing to Apple’s restrictions that require browser vendors to use the same rendering framework.

Also addressed by the company is a use-after-free issue in the Kernel (CVE-2023-23514) that could permit a rogue app to execute arbitrary code with the highest privileges.

Credited with reporting the issue are Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero. Apple said it resolved the vulnerability with improved memory management.

Separately, the latest macOS update also plugs a privacy defect in Shortcuts that a malware-laced app can take advantage of to “observe unprotected user data.” The problem, Apple noted, was fixed with improved handling of temporary files.

Users are advised to update to iOS 16.3.1, iPadOS 16.3.1, macOS Ventura 13.2.1, and Safari 16.3.1 to mitigate potential risks. The updates are available for the following devices –

  • iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Macs running macOS Ventura, macOS Big Sur, and macOS Monterey

Apple remediated a total of 10 zero-days spanning its software in 2022, nine of which were disclosed as actively exploited by threat actors. Four of those flaws were discovered in WebKit.
