WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

From thehackernews.com

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild.

The three security shortcomings are listed below –

  • CVE-2023-32409 – A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with improved bounds checks.
  • CVE-2023-28204 – An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. It was addressed with improved input validation.
  • CVE-2023-32373 – A use-after-free bug in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. It was addressed with improved memory management.
