Apple on Friday released security updates for iOS, iPadOS, macOS, and the Safari web browser to address a pair of zero-day flaws that are being exploited in the wild.
The two vulnerabilities are as follows –
- CVE-2023-28205 – A use-after-free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content.
- CVE-2023-28206 – An out-of-bounds write issue in IOSurfaceAccelerator that could enable an app to execute arbitrary code with kernel privileges.
Apple said it addressed CVE-2023-28205 with improved memory management and CVE-2023-28206 with better input validation, adding it’s aware the bugs “may have been actively exploited.”