Apple fixes three new zero-days exploited to hack iPhones, Macs

18-May-23

Three fresh zero-day flaws that might have been used to hack into iPhones, Macs, and iPads have been fixed by Apple. The security flaws are all identified as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 and were all discovered in the cross-platform WebKit browser engine.

In security advisory outlining the issues, Apple stated that it was “aware of a report that this issue may have been actively exploited.” A sandbox escape vulnerability in the first issue allows remote attackers to bypass Web Content sandboxes. The other two are a use-after-free flaw that permits arbitrary code execution on compromised devices and an out-of-bounds read that lets attackers to access sensitive data, both after tricking the targets into loading maliciously constructed web pages.

Read More…