• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
webkit under attack: apple issues emergency patches for 3 new

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

You are here: Home / General Cyber Security News / WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
May 19, 2023

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address a few new zero-day flaws that it stated are staying actively exploited in the wild.

The 3 security shortcomings are detailed down below –

  • CVE-2023-32409 – A WebKit flaw that could be exploited by a malicious actor to crack out of the Web Content sandbox. It was resolved with enhanced bounds checks.
  • CVE-2023-28204 – An out-of-bounds examine issue in WebKit that could be abused to disclose delicate details when processing web written content. It was resolved with enhanced input validation.
  • CVE-2023-32373 – A use-following absolutely free bug in WebKit that could direct to arbitrary code execution when processing maliciously crafted web material. It was addressed with improved memory management.

The iPhone maker credited Clément Lecigne of Google’s Danger Evaluation Group (TAG) and Donncha Ó Cearbhaill of Amnesty International’s Security Lab for reporting CVE-2023-32409. An anonymous researcher has been acknowledged for reporting the other two issues.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


It’s value noting that each CVE-2023-28204 and CVE-2023-32373 ended up patched as element of Immediate Security Reaction updates – iOS 16.4.1 (a) and iPadOS 16.4.1 (a) – the organization launched at the commence of the thirty day period.

There are at this time no extra specialized specifics about the flaws, the nature of the attacks, or the identification of the menace actors that may well be exploiting them.

Future WEBINARZero Believe in + Deception: Understand How to Outsmart Attackers!

Find how Deception can detect advanced threats, quit lateral movement, and enrich your Zero Belief system. Be part of our insightful webinar!

Help you save My Seat!

That mentioned, this kind of weaknesses have been traditionally leveraged as portion of hugely-specific intrusions to deploy mercenary spyware on the gadgets of dissidents, journalists, and human rights activists, among many others.

The hottest updates are readily available for the following products –

  • iOS 16.5 and iPadOS 16.5 – iPhone 8 and later, iPad Pro (all models), iPad Air 3rd technology and afterwards, iPad 5th technology and afterwards, and iPad mini 5th generation and later
  • iOS 15.7.6 and iPadOS 15.7.6 – iPhone 6s (all types), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th technology)
  • macOS Ventura 13.4 – macOS Ventura
  • tvOS 16.5 – Apple Television 4K (all models) and Apple Television Hd
  • watchOS 9.5 – Apple Watch Collection 4 and later on
  • Safari 16.5 – macOS Large Sur and macOS Monterey

Apple has so far remediated a whole of six actively exploited zero-days considering the fact that the start off of 2023. Earlier this February, the firm plugged a WebKit flaw (CVE-2023-23529) that could guide to distant code execution.

Then final month, it transported fixes for a pair of vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that authorized for code execution with elevated privileges. Lecigne and Ó Cearbhaill were credited with reporting the security flaws.

Found this posting interesting? Stick to us on Twitter  and LinkedIn to read a lot more special articles we put up.


Some elements of this article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Cyber Warfare Escalates Amid China-Taiwan Tensions
Next Post: Top 10 Considerations for Choosing the Best SAST Solutionwww.checkmarx.comDevSecOps / AppSecKnow how to compare SAST solutions before investing in a new tool. Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.