Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

iOS Security Update Patches Exploited Vulnerability in Older iPhones

Apple has released security updates for older iPhones to address a vulnerability exploited in attacks.

Apple this week announced fresh security updates for macOS and iOS, including patches that address an exploited vulnerability in older iPhone models.

The issue, tracked as CVE-2023-23529, was initially addressed as a zero-day in mid-February, with the release of iOS and iPadOS 16.3.1 and macOS Ventura 13.2.1. Apple credited an anonymous researcher for reporting the bug.

Impacting WebKit, the flaw can lead to arbitrary code execution during the processing of maliciously crafted web content and was addressed with improved checks.

“Apple is aware of a report that this issue may have been actively exploited,” the Cupertino-based tech giant notes in its advisory.

Patches for this vulnerability are included in iOS 15.7.4 and iPadOS 15.7.4, which are now rolling out to all iPhone 6s and iPhone 7 models, first-generation iPhone SE, iPad Air 2, fourth-gen iPad mini, and seventh-gen iPod touch.

The security update contains fixes for a total of 16 vulnerabilities that could lead to information leaks, memory write, arbitrary code execution, VPN server spoofing, and to the use of sensitive user data to perform certain actions.

This week, Apple also released security updates for the latest-generation iPhone and iPad models, to address a total of 33 vulnerabilities. Rolling out as iOS 16.4 and iPadOS 16.4, the platform updates also bring several user-experience enhancements.

Nearly 60 vulnerabilities were addressed with the release of macOS Ventura 13.3 this week. macOS Monterey 12.6.4 and Big Sur 11.7.5 were released with patches for over 25 vulnerabilities each.

Advertisement. Scroll to continue reading.

The tech giant also patched two vulnerabilities with the release of Safari 16.4, which is now available for macOS Big Sur and macOS Monterey users.

Security updates are also available for tvOS and watchOS, as well as for Studio Display firmware for macOS Ventura. Further information on the addressed vulnerabilities can be found on Apple’s support website.

Related: Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities

Related: Apple Patches Exploited iOS Vulnerability in Old iPhones

Related: Apple Patches WebKit Code Execution in iPhones, MacBooks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.