Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.” The notes accompanying the updates also revealed that Apple’s first Rapid Security Response update, which was pushed out earlier this month, contained fixes for two WebKit 0-days (CVE-2023-28204 and CVE-2023-32373). About the vulnerabilities CVE-2023-28204 and CVE-2023-32373 can be triggered by WebKit – the browser engine that powers Safari and all web browsers on iOS and iPadOS – processing specially crafted web content.
Read full article on Help Net Security