An actively exploited zero-day bug affecting older iPhones and iPads has been addressed by Apple in security updates to backport patches released last month.
The company fixed the WebKit-type confusion vulnerability (CVE-2023-23529) on newer iPhone and iPad models on February 13, 2023.
After successful exploitation, potential attackers can use it to cause OS crashes and gain code execution on compromised iOS and iPadOS devices.
After tricking the victims into opening malicious websites, the threat actors are able to execute arbitrary code on the targeted iPhones and iPads (this bug also affects Safari 16.3.1 on macOS Big Sur and Monterey).
“The execution of arbitrary code could occur when maliciously crafted web content is processed. “Apple describes the zero-day,” and “Apple is aware of a report that this issue may have been actively exploited.” There is a report that this vulnerability may have been actively exploited, and Apple is aware of it.
In addition, Apple has improved checks to address the zero-day in iOS 15.7.4 and iPadOS 15.7.4.
The rundown of influenced gadgets incorporates iPhone 6s (all models), iPhone 7 (all models), iPhone SE (first era), iPad Air 2, iPad little (fourth era), and iPod contact (seventh era) gadgets.
Although Apple claims to be aware of reports that this vulnerability has been exploited in attacks, the company has yet to publish information regarding these incidents. First zero-day exploited in the wild patched this year
However, Apple follows this procedure whenever it releases security updates for zero-day vulnerabilities that have been exploited in the wild.
The ability of as many users as possible to secure their devices is made possible by restricting access to technical details, which also slows down the efforts of attackers to create and spread additional exploits that target vulnerable devices.
Even though the zero-day CVE-2023-23529 was likely only used in specific attacks, it is highly recommended to install the most recent security updates as soon as possible to prevent attacks on iPhone and iPad users with older software.
Apple also backported patches for an exploitable zero-day flaw to older iPhones and iPads in January, as reported by Clément Lecigne of Google’s Threat Analysis Group.