Apple is actively patching exploited vulnerabilities in iOS and macOS

Apple has released several security updates for its iOS, iPadOS, macOS and watchOS operating systems. These updates resolve, among other things, a zero-day issue that allowed hackers to execute arbitrary code with kernel privileges.

The core vulnerability is CVE-2023-32434, Apple reports in its patch notes. This kernel vulnerability could cause an integer overflow and allow hackers to execute arbitrary code with kernel privileges. According to Apple, it has been actively exploited on iOS versions released before 15.7. Apple does not mention whether the vulnerability has also been exploited on other platforms, such as macOS.

Apple has now fixed the vulnerability in question in versions 16.5.1 and 15.7.7 of iOS and iPadOS. The issue is also fixed in macOS 13.4.1, 12.6.7 and 11.7.8. The bug was also present in watchOS and was fixed in versions 9.5.2 and 8.8.1 of that operating system. Users are advised to install the updates.

The iOS and iPadOS updates also fix a WebKit vulnerability, CVE-2023-32439. This vulnerability could cause a type confusion issue, which allowed arbitrary code execution through specially crafted web content. According to Apple, there are reports that this vulnerability has also been actively exploited. WebKit forms the basis of all web browsers on iOS and iPadOS, in addition to the Safari browser for macOS.

| Vulnerability | Fixed in |
| --- | --- |
| Kernel (CVE-2023-32434) | iOS 16.5.1 and 15.7.7; iPadOS 16.5.1 and 15.7.7; macOS 13.4.1, 12.6.7 and 11.7.8; watchOS 9.5.2 and 8.8.1 |
| WebKit (CVE-2023-32439) | iOS 16.5.1 and 15.7.7; iPadOS 16.5.1 and 15.7.7; Safari 16.5.1 |