Tech giant Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads.

The vulnerability (CVE-2023-23529) is a WebKit-type confusion issue that the company fixed on newer iPhone and iPad devices on February 13, 2023.

Potential attackers can use it to trigger OS crashes and gain code execution on compromised iOS and iPadOS devices following successful exploitation.

Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” Apple describes the zero-day. “Apple is aware of a report that this issue may have been actively exploited.”

Apple has also addressed the zero-day in iOS 15.7.4 and iPadOS 15.7.4 today with improved checks.

The list of impacted devices includes iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) devices.

READ
Apple Brings iCloud Passwords to Firefox—But Only on macOS Sonoma