A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple macos |
||
apple ipados |
||
apple iphone os |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources WebKit flaw 'may have been exploited' – just like Tim Cook 'may have' made a million bucks this week
Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited. Updates macOS 13.2.1, iOS 16.3.1, iPadOS 16.3.1, and Safari 16.3.1 fix the flaw, tracked as CVE-2023-23529, which may allow maliciously crafted web content to execute arbitrary code. It's described by Apple as a type confusion flaw fixed by improved checks. The issue had to do with JsonWebToken co...