Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Anthony Spadafora

Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now

iPhone 14 in hand

Apple has once again released security updates to address zero-day vulnerabilities that are being used in attacks against iPhone, iPads and Macs.

In a security advisory posted on its site, the Cupertino-based company explained that it is aware of a report that these issues may have been actively exploited by hackers. For this reason, it’s important that you install the latest security updates for your Apple devices as soon as possible.

All three of these new zero-days were discovered in the open source WebKit browser engine that powers Apple’s Safari as well as Google Chrome on iOS, iPadOS and macOS. According to BleepingComputer, the first vulnerability (tracked as CVE-2023-32409) is a sandbox escape that can be leveraged by an attacker to break out of Web Content sandboxes.

The next zero-day (tracked as CVE-2023-28204) is an out-of-bounds read flaw that can be used by an attacker to gain access to sensitive information stored on Apple devices. Meanwhile, the third zero-day is a use-after-free issue that allows arbitrary code to be run on compromised devices.

As Apple often does, the company hasn’t released details on any attacks exploiting these zero-day vulnerabilities yet in order to give its customers more time to update their devices.

Which Apple devices are affected?

As these three zero-day flaws affect both older and newer Apple smartphones, tablets, computers, smartwatches and streaming gear, the list of impacted devices is quite extensive. Here are all of the ones that are affected

  • iPhone 6s
  • iPhone 7
  • iPhone SE (1st gen)
  • iPhone 8 and later
  • iPad Air 2
  • iPad Mini (4th gen)
  • iPod touch (7th gen)
  • Macs running macOS Big Sur, Monterey and Ventura
  • Apple Watch Series 4 and later
  • Apple TV 4K (all models)
  • Apple TV HD

Fortunately though, Apple has patched these flaws with the release of macOS Ventura 13.4, iOS 16.5, iPadOS 16.5, tvOS 16.5, watchOS 9.4 and Safari 16.5. However, the last two zero-day flaws were first fixed through the company's Rapid Security Response (RSR) patches for iOS 16.5.1 and macOS 13.3.1 released at the beginning of this month.

How to stay safe from attacks leveraging zero-day flaws

(Image credit: robert coolen/Shutterstock)

Unlike with malicious apps or malware, there isn’t actually much you can do as an end user to protect yourself from attacks that exploit zero-day vulnerabilities. While the best Mac antivirus software can help keep you protected from most cyberattacks, the same can’t be said for those that leverage zero-days.

The reason for this is that by definition, a zero-day vulnerability is one that was discovered by attackers before a company became aware of it. Patches haven’t yet been made to fix them and unfortunately, you’ll need to wait on Apple or other tech companies to address them.

Still, once patches do become available, it’s up to you to install them as soon as possible. Waiting to do so puts you at risk as hackers often target users that have yet to install the latest security updates.

We might possibly hear more about the attacks that have been spotted in the wild leveraging these flaws but usually, Apple likes to play things close to the chest when it comes to zero-days.

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.