Active Exploitation of Zero-day Vulnerability in Apple Products

Published on 11 Jul 2023

Apple has released security updates to address a zero-day vulnerability (CVE-2023-37450) in their products. The vulnerability is reportedly being actively exploited.

Update: Apple released Rapid Security Responses iOS 16.5.1 (c) and iPadOS 16.5.1 (c) on 12 July 2023 to address this issue. (Source: https://support.apple.com/en-us/HT213823)

Successful exploitation of the vulnerability could allow an attacker to perform arbitrary code execution by processing maliciously crafted web content.

The vulnerability affects the following products:

  • iPhone 6s (all models)
  • iPhone 7 (all models)
  • iPhone SE (1st generation)
  • iPhone 8 and later
  • iPad 5th generation and later
  • iPad Air 3rd generation and later
  • iPad Air 2
  • iPad mini 4th generation and later
  • iPad Pro (all models)
  • iPod Touch (7th generation)
  • Macs running macOS Big Sur, Monterey, and Ventura

Users of affected products are advised to install the latest security updates immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:
https://support.apple.com/en-us/HT213823
https://support.apple.com/en-us/HT213825
https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/