Apple fixes new WebKit zero-day exploited in attacks on iPhones

Apple today released security updates that fix the tenth zero-day vulnerability it has discovered since January. This latest vulnerability was actively exploited in attacks on iPhones.

Apple warned that this vulnerability could have been exploited against older versions of iOS/iPadOS 15.7.2 and Safari 16.2.

The bug ( ) is caused by type confusion in Apple’s WebKit browser engine.

Clement Lecigne of Google’s Threat Analysis Group discovered the flaw. Maliciously crafted web content could be used to execute arbitrary code on vulnerable devices.

A malicious site could execute arbitrary code to access the operating system and deploy additional malware or spyware, or carry out other malicious activity.

Apple has addressed the zero-day vulnerability with improved state handling on the following models: iPhone 6s (all versions), iPhone 7s (all models), iPhone SE (1st generation), iPhone Pro (1st generation), iPad Pro (2nd generation), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Repair your iPads and iPhones with macOS Ventura

Apple disclosed that threat actors exploited the vulnerability, but it has yet to disclose any specific details.

However, since it was found by Clement Lecigne of Google’s Threat Intelligence team, we will probably learn more about the vulnerability in a blog post.

Details are often withheld so that users can patch their devices before other threat actors examine the patches and create their own exploits.

Although this zero-day vulnerability was most likely used in targeted attacks, it is still recommended that you install the security updates today.

Apple has now fixed ten zero-days since the beginning of the year.