Apple fixes 0-day vulnerability

Apple seeks to fix three critical vulnerabilities in iOS, iPadOS and macOS recently discovered by the University of Toronto’s Citizen Lab and classified as a severe risk (75.8/100) by the National Cyber Security Agency.

One of these critical vulnerabilities – CVE-2023-23529 – is classified as a 0-day and affects WebKit, the web rendering engine behind Apple’s Safari.

This vulnerability affected the iPhone 8 and later, iPad Pro, iPad Air 3rd gen and later, iPad 5th gen and later, iPad mini 5th gen and later, and Macs with macOS Ventura installed, running any of the following:

  • Safari in versions prior to 16.3.1
  • iOS and iPadOS in versions prior to 16.3.1
  • macOS Ventura in versions prior to 13.2.1

CVE-2023-23529 | Safari 16.3.1: Processing maliciously crafted web content may lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.

iOS 16.3.1 and iPadOS 16.3.1:

  • CVE-2023-23514 | Kernel: An app may be able to execute arbitrary code with kernel privileges
  • CVE-2023-23529 | WebKit: Processing maliciously crafted web content can lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.

macOS Ventura 13.2.1:

  • CVE-2023-23514 | Kernel: An app may be able to execute arbitrary code with kernel privileges
  • CVE-2023-23522 | Shortcuts: An app may be able to observe unprotected user data
  • CVE-2023-23529 | WebKit: Processing maliciously crafted web content can lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.
