"Apple Ships Urgent iOS Patch for WebKit Zero-Day"

Apple recently rolled out an urgent software update to its iOS and iPadOS mobile operating systems and warned that zero-day exploitation has already been detected.  For the second time since adopting the “rapid security responses” process to address zero-day attacks, Apple pushed iOS 16.5.1 (a) and iPadOS 16.5.1 (a) to devices globally after an anonymous researcher disclosed the underlying vulnerability.  The security defect exists in WebKit, the browser engine used by Safari, Mail, AppStore, and many other apps on iOS and macOS-powered devices.  Apple noted that processing web content may lead to arbitrary code execution.  Apple is aware of a report that this issue may have been actively exploited.  The issue was addressed with improved checks.  The vulnerability is CVE-2023-37450.  So far, in 2023, there have been 41 publicly documented cases of zero-day attacks, with more than one-fifth (22 percent) affecting software code on Apple devices.

SecurityWeek reports: "Apple Ships Urgent iOS Patch for WebKit Zero-Day"