iOS 16.3.1 fixes a vulnerability being exploited in the wild
Overview
Apple has released an update for iOS to address a remote code execution vulnerability in Safari that is being exploited in the wild.
The bug (CVE-2023-23529) is a type confusion issue in WebKit, which also affects macOS Ventura.
Apple requires all browser vendors on iOS to use the WebKit rendering engine, meaning all browser apps for the device are affected.
Another bug (CVE-2023-23514) fixed in the latest iOS update would allow local privilege escalation.
Impact
Processing maliciously crafted web content may lead to arbitrary code execution.
An app may be able to execute arbitrary code with kernel privileges.
Vulnerability Detection
To see the current version on iOS, go to:
`Settings > General > About`
Affected Products
– iPhone 8 and later
– iPad Pro (all models)
– iPad Air 3rd generation and later
– iPad 5th generation and later
– iPad mini 5th generation and later
– macOS Ventura
– macOS Big Sur
– macOS Monterey
Containment, Mitigations & Remediations
Devices should be updated as soon as possible.
To update iOS, go to:
`Settings > General > Software Update`
This should either say “iOS is up to date” or give you the option to update.
Indicators of Compromise
None given.
MITRE Methodologies
T1404 – Exploitation for Privilege Escalation
T1456 – Drive-By Compromise