Apple on Monday rolled out an urgent software update to its iOS and iPadOS mobile operating systems and warned that zero-day exploitation has already been detected.
For the second time since adopting the “rapid security responses” process to address zero-day attacks, Apple pushed iOS 16.5.1 (a) and iPadOS 16.5.1 (a) to devices globally after an anonymous researcher disclosed the underlying vulnerability.
A barebones advisory from Cupertino said the security defect exists in WebKit, the browser engine used by Safari, Mail, AppStore and many other apps on iOS- and macOS-powered devices.
“Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said. “The issue was addressed with improved checks.”
The vulnerability has been tagged as CVE-2023-37450.
So far in 2023, there have been 41 publicly documented cases of zero-day attacks with more than one-fifth (22 percent) affecting software code on Apple devices.
Related: Problems Installing Apple’s First iOS Rapid Security Response Patch
Related: Apple Ships Urgent iOS Patch for Exploited Zero-Days
Related: Apple Fixes Exploited Zero-Day With iOS 16.1 Patch
Related: Apple Says WebKit Zero-Day Hitting iOS, macOS Devices
https://www.securityweek.com/apple-ships-urgent-ios-patch-for-webkit-zero-day/