Apple has released a Quick Security Response update for iOS, iPadOS, macOS, and the Safari web browser address a zero-day flaw that he says is actively exploited in the wild.
WebKit bugs, cataloged as CVE-2023-37450, can allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker says it has addressed this issue with better vetting.
Credited with finding and reporting the flaw is an anonymous researcher. As with most cases of this kind, there are few details about the nature and scale of the attack and the identity of the threat actor behind it.
But Apple noted in a brief warning that it was “aware of reports that this issue may be actively exploited.”
🔐 PAM Security – Expert Solution to Secure Your Sensitive Accounts
This expert-led webinar will equip you with the knowledge and strategies you need to change your privileged access security strategy.
The update, iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2, is available for devices running the following operating system versions:
Apple has addressed 10 zero-day vulnerabilities in its software since early 2023. It also comes weeks after the company rolled out patches to fix three zero-days, two of which had been weaponized by an unknown actor in connection with an espionage campaign called Operation Triangulation.