Apple Releases Security Patches For Older iPhone and iPad Models

Apple has released fixes for vulnerabilities affecting older iPhone and iPad models that could lead to remote code execution (RCE).

The tech giant released its iOS 15.7.4 and iPadOS 15.7.4 updates on Monday, along with new iOS 16.4 and iPadOS 16.4 versions (for newer Apple models).

This vulnerability affects many older Apple devices, including all iPhone 6s and iPhone 7 models, 1st generation iPhone SE, iPad Air 2, 4th generation iPad mini, and 7th generation iPod touch.

The vulnerability (CVE-2023-23529) refers to a type confusion bug in the WebKit browser engine. It was reportedly fixed by Apple on February 13th, but was only made public on Monday.

“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said in an advisory. “For the protection of our customers, Apple will not disclose, discuss, or confirm security issues until an investigation has been conducted and a patch or release is available.”

At the same time, the Cupertino-based company said it was aware of “reports that this issue may have been actively exploited.”

As is customary, the company did not share details about how the vulnerability is being exploited in practice or how it affects iPhone and iPad users. An anonymous researcher was given credit for the discovery.

This patch comes months after Apple released another fix for an actively exploited zero-day security flaw (CVE-2022-42856).

Recently, cybersecurity researchers at Trellix uncovered six macOS and iOS vulnerabilities and an entirely new bug class based on the ForcedEntry attack used to deploy NSO Group’s mobile Pegasus malware.
