Apple releases security fix for iPhone and Mac zero-day flaw, so update now

By Scott Marlette Last updated Feb 14, 2023

Apple has fixed two high-severity security flaws that allowed threat actors to run arbitrary code on vulnerable devices, potentially letting them steal sensitive contentor even hijack the entire device.

The first one, tracked as CVE-2023-23514, is a Use After Free Issue, enabling hackers to execute arbitrary code with kernel privileges, affecting iPhones 8 and later, all iPad Pro models, iPad Air 3rd generation and newer, iPad 5th generation and later, and iPad mini 5th generation and later devices.

The flaw was discovered by Xinru Chi of Pangu Lab, and Ned Williamson of Google Project Zero, and was reportedly fixed with better memory management.

Updating the OS

The second flaw, tracked as CVE-2023-23529, was found in WebKit, Apple’s browser engine used in its Safari offering.

It was a type confusion issue, fixed with improved checks, as by processing maliciously (opens in new tab) crafted web content, the device could end up allowing arbitrary code execution by third parties, Apple explained.

The flaw, which Apple says was discoverd by an anonymous researcher, affected iPhones 8 and newer, all iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later devices.

Apple confirmed that both flaws are being actively exploited, meaning that hackers are aware of the issues and are using them to gain access to devices and steal valuable content.

Therefore, it is paramount that users apply the fixes as soon as possible, and upgrade to iOS 16.3.1 and iPadOS 16.3.1.

Apple’s browser engine, WebKit, is a popular attack vector for hackers looking to breach Apple devices, as it potentially allows access to the rest of the device’s data.

In 2022, Apple patched nine iOS bugs that “may have been actively exploited”, four of which were found in WebKit, TechCrunch reported. Of the others, three were found in the kernel, one in AppleAVD, and one in IOMobileFrameBuffer.

Via: TechCrunch (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.