Apple has released several security updates for iOS, iPadOS, macOS, and watchOS. Among other things, these updates fix a zero-day vulnerability that allowed hackers to execute arbitrary code with kernel privileges.
The kernel vulnerability is CVE-2023-32434, Apple reports in its patch notes. The vulnerability could cause an integer overflow, which allowed hackers to execute arbitrary code with kernel privileges. According to Apple, this was actively used in practice on iOS versions released before 15.7. Apple does not say whether the vulnerability has also been exploited on other platforms, such as macOS.
Apple has now addressed the vulnerability in iOS and iPadOS versions 16.5.1 and 15.7.7. The issue has also been resolved in macOS 13.4.1, 12.6.7, and 11.7.8. The bug was also present in watchOS and has been fixed in versions 9.5.2 and 8.8.1 of that operating system. Users are advised to install updates.
The iOS and iPadOS updates also fix a security vulnerability in WebKit, CVE-2023-32439. This vulnerability could cause type confusion, which allowed arbitrary code to be executed using specially prepared web content. According to reports, this vulnerability has also been actively exploited, Apple says. WebKit forms the basis of all web browsers on iOS and iPadOS, as well as the Safari browser for macOS.
Vulnerability | Fixed in |
Kernel (CVE-2023-32434) | iOS 16.5.1 and 15.7.7; iPadOS 16.5.1 and 15.7.7; macOS 13.4.1, 12.6.7, and 11.7.8; watchOS 9.5.2 and 8.8.1 |
WebKit (CVE-2023-32439) | iOS 16.5.1 and 15.7.7; iPadOS 16.5.1 and 15.7.7; Safari 16.5.1 |