"iOS Security Update Patches Exploited Vulnerability in Older iPhones"

Apple recently announced fresh security updates for macOS and iOS, including patches that address an exploited vulnerability in older iPhone models.  The issue tracked as CVE-2023-23529 was initially addressed as a zero-day in mid-February, with the release of iOS and iPadOS 16.3.1 and macOS Ventura 13.2.1.  Apple credited an anonymous researcher for reporting the bug.  Impacting WebKit, the flaw can lead to arbitrary code execution during the processing of maliciously crafted web content and was addressed with improved checks.  According to Apple, they are aware of a report that this issue may have been actively exploited.  Patches for this vulnerability are included in iOS 15.7.4 and iPadOS 15.7.4, which are now rolling out to all iPhone 6s and iPhone 7 models, first-generation iPhone SE, iPad Air 2, fourth-gen iPad mini, and seventh-gen iPod touch.  Apple noted that the security update contains fixes for a total of 16 vulnerabilities that could lead to information leaks, memory write, arbitrary code execution, VPN server spoofing, and to the use of sensitive user data to perform certain actions.  This week, Apple also released security updates for the latest-generation iPhone and iPad models to address a total of 33 vulnerabilities.  Rolling out as iOS 16.4 and iPadOS 16.4, the platform updates also bring several user-experience enhancements.  Nearly 60 vulnerabilities were addressed with the release of macOS Ventura 13.3 this week.  macOS Monterey 12.6.4 and Big Sur 11.7.5 were released with patches for over 25 vulnerabilities each.  Apple also patched two vulnerabilities with the release of Safari 16.4, which is now available for macOS Big Sur and macOS Monterey users.  Security updates are also available for tvOS and watchOS, as well as for Studio Display firmware for macOS Ventura. 

SecurityWeek reports: "iOS Security Update Patches Exploited Vulnerability in Older iPhones"