Apple has rolled out updates for older iPhone and iPad models to fix CVE-2023-23529, a security vulnerability that is being actively exploited in the wild. The flaw is a type confusion in the WebKit browser engine that could have allowed arbitrary code execution. Apple had previously addressed the bug on February 13, 2023 with improved checks, and an anonymous researcher was credited with reporting the issue.
Apple Released New Advisory Regarding CVE-2023-23529
Following the active exploitation of CVE-2023-23529, Apple has issued a new advisory stating that maliciously crafted web content can lead to arbitrary code execution. No further specifics of the attacks are available, which is standard practice to prevent more abuse. Apple has released the update in iOS 15.7.4, iPadOS 15.7.4, macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, tvOS 16.4, and watchOS 9.4, with bug fixes for iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini 4th generation, and iPod touch 7th generation.
According to the original advisory released in February, CVE-2023-23529 is a type confusion vulnerability in WebKit, Apple's browser engine, which is used by Safari and by all web browsers on iOS and iPadOS. The flaw is triggered when WebKit processes malicious web content, and it could lead to arbitrary code execution on exposed devices. It was fixed with improved checks,