Apple released several security patches for its devices on Thursday, including fixes for three zero-day vulnerabilities.
Apple said the zero-day flaws “have been actively exploited,” but the company did not disclose any information about the attacks or the threat actors responsible. The vulnerabilities — CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 — are all linked to the WebKit browser engine, which powers Safari.
The other security updates address vulnerabilities in new and old models of Apple’s family of devices, including the iPhone, iPad, Mac, Apple Watch, and Apple TV.
While these updates do not bring new features to Apple devices, we strongly recommend that you apply these new updates if you have not done so already.
Major Security Vulnerabilities
The first of the three zero-day vulnerabilities allows cybercriminals to escape “Web Content sandbox.” The others allow arbitrary code execution and access to sensitive information, respectively.
These security flaws affect various models of Apple’s iPhone and iPad.
While two of these vulnerabilities were reported by anonymous researchers, one of them — CVE-2023-32409 — was reported by members of Google’s Threat Analysis Group and Amnesty International.
In December 2022, Apple fixed another WebKit zero-day exploit with the iOS 16.1.2 update. According to Google’s Threat Analysis Group, commercial spyware vendors exploited the vulnerability to target users in Italy, Malaysia, and Kazakhstan.
What is a Zero-Day Vulnerability?
Zero-day vulnerabilities are bugs that cybercriminals exploit before developers get a chance to patch them.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the rollout of flawed and defective technology products is a major driver for cyber-compromise. Zero-day software vulnerabilities fall into this category.
It is not uncommon for security researchers to discover security flaws in popular software. Top tech companies, like Apple and Google, usually work quickly to resolve security lapses on their systems.
It’s important to ensure your device gets all the latest patches. We recommend setting your device to receive updates automatically so you’re not left unprotected from threats. To do this on Apple devices, go to Settings > General > Software Update > Automatic Updates > On.
Cybercriminals are constantly working to find new, insidious ways to snare unsuspecting victims. While you may be unable to protect your device from undiscovered zero-day vulnerabilities, you can limit your exposure to threats and stay safe online by keeping your device up-to-date and practicing proper cyber hygiene.
Consult our iPhone vs. Android security guide to learn more about common security threats and how to keep your smartphone safe.
