28 March 2023

Apple backports fixes for recent WebKit zero-day to older iPhones, iPads


Apple backports fixes for recent WebKit zero-day to older iPhones, iPads

Apple has released security updates to backport fixes for a recently patched WebKit zero-day vulnerability to older iPhone and iPad models.

Tracked as CVE-2023-23529, the bug is a type confusion issue in the WebKit browser engine that can be used by a remote attacker to achieve remote code execution by tricking a victim into visiting a specially crafted website. This type confusion issue was addressed with improved checks.

The update is available for: iOS 15.7.4 and iPadOS 15.7.4 for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

The iPhone maker did not share any additional details regarding attacks exploiting this flaw.

In January, Apple issued security updates for macOS, iOS, iPadOS, and WatchOS, to address a zero-day vulnerability in WebKit impacting older devices running iOS v12.

Tracked as CVE-2022-42856, the zero-day is type confusion issue that allows a remote attacker to achieve remote code execution by tricking the victim into visiting a malicious website.


Back to the list

Latest Posts

Free VPN provider SuperVPN exposes 360 million user records

Free VPN provider SuperVPN exposes 360 million user records

In total, 133GB of sensitive data including user email addresses, original IP addresses, and geolocation information is said to have been exposed in the leak.
29 May 2023
Cyber security week in review: May 26, 2023

Cyber security week in review: May 26, 2023

The world in brief: New ICS malware discovered, hacktivists expose Russian hacker wanted in the US, Pegasus spyware found in Armenia and Azerbaijan, and more.
26 May 2023
Barracuda’s email gateway appliances breached via zero-day bug

Barracuda’s email gateway appliances breached via zero-day bug

The vulnerability resided in a module which initially screens the attachments of incoming emails.
25 May 2023