Critical iOS Update Fixes Zero-Day Vulnerabilities Exploited in Attacks

06.03.24

Threat Intelligence Alerts

Apple has released an important security update for iPhone, iPad and iPod touch users to address two serious vulnerabilities that were actively being exploited by attackers. The flaws, dubbed zero-day vulnerabilities, could allow malicious parties to take complete control of vulnerable devices.

The zero-day vulnerabilities were discovered by anonymous researchers and reported to Apple. One of the flaws, tracked as CVE-2023-23529, is a type confusion issue in the Apple kernel, while the second, CVE-2023-23513, is a vulnerability in WebKit, the browser engine powering Safari and many iOS apps. 

Both vulnerabilities are extremely severe, with Apple stating they “may have been actively exploited” by threat actors to compromise devices. This means some iPhone and iPad users may have already been targeted before the security holes were patched.

While Apple has not disclosed specifics about the attacks exploiting these zero-days or who was behind them, such zero-click vulnerabilities requiring no user interaction are highly coveted by state-sponsored hacking groups and advanced cybercriminals. 

All users are strongly urged to update their devices to iOS 16.4.1, iPadOS 16.4.1 or macOS 13.3 as soon as possible to protect against these and other patched vulnerabilities. Keeping devices updated with the latest software is one of the most effective ways to stay secure.

To update:

In addition to installing updates promptly, other tips for iOS security include:

While no device is 100% secure, taking basic precautions and responding quickly when critical updates are released is key to protecting your data and privacy from emerging threats.

Related Links:

https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-exploited-in-attacks-on-iphones/

https://support.apple.com/en-us/HT214081

https://www.tenable.com/plugins/nessus/191558