Apple users may want to update their devices now.
The Cupertino, California-based tech giant recently released a bunch of updates meant to shore up the security of its devices from an "actively exploited" vulnerability.
Apple did not disclose additional details about the vulnerability beyond what it wrote on its updates' release notes, company spokesperson Scott Radcliffe told Engadget.
Apple 'Actively Exploited' Vulnerability Patches Details
Apple mentioned in its release notes that its iPads, iPhones, Macs, and Safari web browser contain a vulnerability in their Webkit tracked as CVE-2023-23529. The company described the vulnerability in its release notes as " a type confusion issue that processes "maliciously crafted web content" that may lead to arbitrary code execution.
To be more specific, successful exploitation of this vulnerability enables hackers and cybercriminals to execute arbitrary code on devices running vulnerable iOS, iPadOS, and MacOS versions after opening a malicious web page, per Bleeping Computer.
This vulnerability is something Apple is aware of, as it received reports of hackers exploiting them in the past. Thankfully, the updates Apple released on Feb. 13 patched the vulnerability in question, preventing hackers and cybercriminals from exploiting it ever again.
Although the updates address different security issues, the common target was the devices' WebKit. For instance, the update for iOS and iPadOS devices comes with patches for their Kernel and WebKit, while Apple's MacOS update comes with patches for its Shortcuts along with its Kernel and WebKit.
Meanwhile, Apple's update for its Safari web browser only contains the patch for its WebKit.
The tech giant credited Pangu Lab's Xinru Chi, Google Project Zero's Ned Williamson, Alibaba Group's Wenchao Li and Xiaolong Bai, and an anonymous researcher for finding the vulnerabilities.
Apple also gave additional recognition to The Citizen Lab at The University of Toronto's Munk School for their assistance on the matter.
Credits aside, Apple is urging people with affected devices to initiate a software update as soon as they can to prevent hackers and cybercriminals from exploiting the vulnerability in question. Users of the following devices should update them to patch up said vulnerability:
- iPhone 8 or later
- iPad Pro (all models), iPad Air 3rd Generation and later, iPad 5th generation and later, iPad Mini 5th Generation and later
- MacOS running macOS Ventura
Users can download the corresponding update by going to the Software Update menu in the System Settings app for macOS devices or by going to their Software Update tab by going to "Settings" and "General," per 9to5Mac.
Apple's First Catch Of The Year
CVE-2023-23529 is the first zero-day vulnerability Apple patched in 2023, though it did not disclose additional details about the vulnerability or the attacks that exploited it in the past.
Apple likely wants to allow as many users as possible to update their devices before more hackers and cybercriminals discover the vulnerability's specifics and develop their own custom exploits targeting vulnerable Apple devices.
Related Article : Apple is Improving the Crash Detection Feature on iPhones Again