Threat Watch

Apple Deploys Patch Fixing Actively-Exploited WebKit Vulnerability

On 13 February Apple released update 13.2.1 for MacOS and 16.3.1 for iOS and iPadOS to address several vulnerabilities, one of which is being actively exploited. All three updates address CVE-2023-23514, a vulnerability in the kernel that may allow an application to execute arbitrary code (ACE) with kernel privileges, and CVE-2023-23529, a flaw in WebKit currently exploited to allow crafted web content to achieve ACE. Additionally, the MacOS update addresses CVE-2023-23522, a vulnerability that enables temporary files to violate user privacy. Apple has elected to not disclose details surrounding the WebKit vulnerability aside from their awareness of active exploitation.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Companies are highly encouraged to patch as soon as their change management procedures allow. It’s possible that threat actors using this exploit currently will ramp up deployment in an effort to compromise devices before they get patched. Additionally, analysts should look for suspicious processes and activity stemming from Safari, pending further information from Apple about the specifics of the exploit, as far back as their logging allows.

https://www.bleepingcomputer.com/news/security/apple-fixes-new-webkit-zero-day-exploited-to-hack-iphones-macs/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support