Apple fixes new WebKit zero-day exploited to hack iPhones, Macs


Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs.

The zero-day patched today is tracked as CVE-2023-23529 [1, 2] and is a WebKit confusion issue that could be exploited to trigger OS crashes and gain code execution on compromised devices.

Successful exploitation enables attackers to execute arbitrary code on devices running vulnerable iOS, iPadOS, and macOS versions after the user opens a malicious web page (the bug also impacts Safari 16.3.1 on macOS Big Sur and Monterey).

“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said when describing the zero-day.
