John Paul M. Joaquin Tech

Apple Issues Update To Patch out ‘Actively Exploited’ Vulnerability

Apple users may want to update their devices now.

The Cupertino, California-based tech giant recently released a bunch of updates meant to shore up the security of its devices from an "actively exploited" vulnerability.

Apple did not disclose additional details about the vulnerability beyond what it wrote on its updates' release notes, company spokesperson Scott Radcliffe told Engadget.

Apple 'Actively Exploited' Vulnerability Patches Details

Apple mentioned in its release notes that its iPads, iPhonesMacs, and Safari web browser contain a vulnerability in their Webkit tracked as CVE-2023-23529. The company described the vulnerability in its release notes as " a type confusion issue that processes "maliciously crafted web content" that may lead to arbitrary code execution.

To be more specific, successful exploitation of this vulnerability enables hackers and cybercriminals to execute arbitrary code on devices running vulnerable iOS, iPadOS, and MacOS versions after opening a malicious web page, per Bleeping Computer

This vulnerability is something Apple is aware of, as it received reports of hackers exploiting them in the past. Thankfully, the updates Apple released on Feb. 13 patched the vulnerability in question, preventing hackers and cybercriminals from exploiting it ever again.

Although the updates address different security issues, the common target was the devices' WebKit. For instance, the update for iOS and iPadOS devices comes with patches for their Kernel and WebKit, while Apple's MacOS update comes with patches for its Shortcuts along with its Kernel and WebKit.  

Read More: T-Mobile Suffers 'Nationwide' Outage, Forces Users' iPhones Into 'SOS' Mode

Meanwhile, Apple's update for its Safari web browser only contains the patch for its WebKit.

The tech giant credited Pangu Lab's Xinru Chi, Google Project Zero's Ned Williamson, Alibaba Group's Wenchao Li and Xiaolong Bai, and an anonymous researcher for finding the vulnerabilities. 

Apple also gave additional recognition to The Citizen Lab at The University of Toronto's Munk School for their assistance on the matter.

Credits aside, Apple is urging people with affected devices to initiate a software update as soon as they can to prevent hackers and cybercriminals from exploiting the vulnerability in question. Users of the following devices should update them to patch up said vulnerability:

  • iPhone 8 or later
  • iPad Pro (all models), iPad Air 3rd Generation and later, iPad 5th generation and later, iPad Mini 5th Generation and later
  • MacOS running macOS Ventura

Users can download the corresponding update by going to the Software Update menu in the System Settings app for macOS devices or by going to their Software Update tab by going to "Settings" and "General," per 9to5Mac.

Apple's First Catch Of The Year

CVE-2023-23529 is the first zero-day vulnerability Apple patched in 2023, though it did not disclose additional details about the vulnerability or the attacks that exploited it in the past.

Apple likely wants to allow as many users as possible to update their devices before more hackers and cybercriminals discover the vulnerability's specifics and develop their own custom exploits targeting vulnerable Apple devices. 

Related Article: Apple is Improving the Crash Detection Feature on iPhones Again

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Apple Apple updates Apple device vulnerablities CVE-2023-23529 Apple patch for CVE-2023-23529 CVE-2023-23529 fix CVE-2023-23529 patch release notes

Company from iTechPost

More from iTechPost