Apple has released an urgent security update for older iPhone and iPad models to address a type of confusion bug in the WebKit browser engine that could lead to arbitrary code execution. The bug, tracked as CVE-2023-23529, was initially addressed by the company with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been credited with reporting the bug. Apple warned that the vulnerability could be exploited by processing maliciously crafted web content, and added that it is “aware of a report that this issue may have been actively exploited.” The company has not provided technical specifics of the exploitation, a move that is in line with standard procedure to prevent further attacks on susceptible devices.
Limited Security Update Release:
The new update is available in versions iOS 15.7.4 and iPadOS 15.7.4 for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation). It is important to note that this security update is only for older devices and does not affect newer models that are running the latest operating systems.
Apple’s Latest OS Updates:
The security update comes as Apple released iOS 16.4, iPadOS 16.4, macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, tvOS 16.4, and watchOS 9.4 with numerous bug fixes. This update is expected to address several known issues, including a bug that may have caused battery drain in some older iPhone models.
Apple has been taking significant steps in recent years to improve the security of its devices, including regular security updates and bug fixes. However, security researchers have continued to uncover vulnerabilities that could potentially be exploited by cybercriminals, highlighting the importance of regularly updating devices to protect against such threats. It is always recommended that users keep their devices updated to the latest software version to ensure optimal security.