On 13 February Apple released update 13.2.1 for MacOS and 16.3.1 for iOS and iPadOS to address several vulnerabilities, one of which is being actively exploited. All three updates address CVE-2023-23514, a vulnerability in the kernel that may allow an application to execute arbitrary code (ACE) with kernel privileges, and CVE-2023-23529, a flaw in WebKit currently exploited to allow crafted web content to achieve ACE. Additionally, the MacOS update addresses CVE-2023-23522, a vulnerability that enables temporary files to violate user privacy. Apple has elected to not disclose details surrounding the WebKit vulnerability aside from their awareness of active exploitation.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security