February 14, 2023
Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
Apple has released an emergency update patching actively exploited 0-day RCE vulnerability, which allows malicious actor to perform remote code execution (RCE) with kernel privileges.
The Zero-Day Vulnerability
- CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘Webkit’, that could be exploited to trigger OS crashes and lead to RCE with kernel privileges on compromised Macs after opening a malicious web page.
- Macs running macOS ‘Ventura’ prior to version 13.2.1.
- Safari prior to 16.3.1 for macOS Big Sur and macOS Monterey.
CYREBRO recommends updating macOS ‘Ventura’ to version 13.2.1 and ‘Safari’ to version 16.3.1 to mitigate the vulnerability.
References: Apple Advisory