8th October 2025
Latest:

ZEROTHCODE

zerothcode blog

apple-patch
Hackers News

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Jaivik Patel

apple-patch Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. apple-patch

The three security shortcomings are listed below – apple-patch

  • CVE-2023-32409 – A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with improved bounds checks.
  • CVE-2023-28204 – An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. It was addressed with improved input validation.
  • CVE-2023-32373 – A use-after free bug in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. It was addressed with improved memory management.

The iPhone maker credited ClĂ©ment Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ă“ Cearbhaill of Amnesty International’s Security Lab for reporting CVE-2023-32409. An anonymous researcher has been acknowledged for reporting the other two issues. apple-patch

It’s worth noting that both CVE-2023-28204 and CVE-2023-32373 were patched as part of Rapid Security Response updates – iOS 16.4.1 (a) and iPadOS 16.4.1 (a) – the company released at the start of the month.apple-patch

There are currently no additional technical specifics about the flaws, the nature of the attacks, or the identity of the threat actors that may be exploiting them. apple-patch

That said, such weaknesses have been historically leveraged as part of highly-targeted intrusions to deploy mercenary spyware on the devices of dissidents, journalists, and human rights activists, among others.apple-patch

The latest updates are available for the following devices and operating systems -apple-patch

  • iOS 16.5 and iPadOS 16.5 – iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • iOS 15.7.6 and iPadOS 15.7.6 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
  • macOS Ventura 13.4 – macOS Ventura
  • tvOS 16.5 – Apple TV 4K (all models) and Apple TV HD
  • watchOS 9.5 – Apple Watch Series 4 and later
  • Safari 16.5 – macOS Big Sur and macOS Monterey

Apple has so far remediated a total of six actively exploited zero-days since the start of 2023. Earlier this February, the company plugged a WebKit flaw (CVE-2023-23529) that could lead to remote code execution. apple-patch

Then last month, it shipped fixes for a pair of vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that allowed for code execution with elevated privileges. Lecigne and Ă“ Cearbhaill were credited with reporting the security defects. apple-patch

 

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

You May Also Like

Vulnerability

Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

Jaivik Patel
truecaller-scaled

Vulnerability Hit Truecaller App Potentially Affecting Millions Of Users

Jaivik Patel
google

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Jaivik Patel