Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apple fixes the first zero-day in iPhones and Macs this year

Apple has released emergency security updates to fix a new actively exploited zero-day vulnerability that impacts iPhones, iPads, and Macs. Apple has released emergency security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-23529, that impacts iOS, iPadOS, and macOS. The flaw is a type confusion issue in WebKit that was addressed […]

Apple Signal

Apple has released emergency security updates to fix a new actively exploited zero-day vulnerability that impacts iPhones, iPads, and Macs.

Apple has released emergency security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-23529, that impacts iOS, iPadOS, and macOS. The flaw is a type confusion issue in WebKit that was addressed by the IT giant with improved checks.

An attacker can achieve arbitrary code execution by tricking the victims into visiting maliciously crafted web content.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the advisory published by Apple.

This is the first zero-day vulnerability addressed by Apple in 2023. As usual, Apple did not share details about the attacks in the wild exploiting this flaw.

The flaw impacts iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and Macs running macOS Ventura.

Apple addressed the CVE-2023-23529 flaw with the release of iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1.

The company also fixed a use after free issue, tracked as CVE-2023-23514, that resides in the kernel. The vulnerability was addressed with improved memory management.

“An app may be able to execute arbitrary code with kernel privileges” reads the advisory.

The vulnerability was reported by Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Apple)