Apple Fixes 2 Zero-Day Vulnerabilities in Latest Software

Apple Responds to Zero-Day Vulnerabilities with Safety Updates

On April 7th, Apple released security updates for iOS, iPadOS, macOS, and web browser Safari to address zero-day vulnerabilities that were being actively exploited by hackers. The vulnerabilities have been identified as CVE-2023-28205, a use-after-free vulnerability in Webkit, and CVE-2023-28206, an out-of-bounds vulnerability in iosurfaceaccelerator that could allow attackers to execute arbitrary code.

Apple has stated that it has eliminated CVE-2023-28205 through improved memory management and the second vulnerability through improved input verification. The company has also warned users that the vulnerabilities were being actively exploited by hackers and urged them to install the safety updates as soon as possible. However, details about the vulnerabilities have not been disclosed to prevent further abuse by cybercriminals.

The safety updates are available for a wide range of devices, including iPhone 8 and newer, iPad Pro (all models), 3rd generation iPad Air and newer, iPad of the 5th generation and newer, as well as the iPad mini of the 5th generation and newer. The safety updates are also available for Mac computers running the macOS Big Sur, Monterey, and Ventura.

This marks the third time that Apple has addressed zero-day vulnerabilities since the beginning of the year. The most recent vulnerability, CVE-2023-23529, was eliminated in February and could have led to the implementation of arbitrary code.

To ensure device security, users are urged to install the safety updates as soon as possible.

/Reports, release notes, official announcements.