Apple has released nine security updates addressing vulnerabilities in multiple products. Apple are reporting exploitation of CVE-2023-23529, which impacts iOS, iPadOS, macOS Big Sur, macOS Monterey, and Safari. This vulnerability could allow unauthenticated, remote attackers to execute arbitrary code or trigger OS crashes.

Exploitation of CVE-2023-23529 in iOS, iPadOS, Safari, macOS Big Sur, and macOS Monterey

Apple has reported that CVE-2023-23529 is being actively exploited.

Remediation advice

Affected organisations are encouraged to review the following Apple security advisories and apply any relevant updates or workarounds.

Remediation steps

Type	Step
Patch	macOS Monterey 12.6.4 \| HT213677 https://support.apple.com/en-gb/HT213677
Patch	macOS Big Sur 11.7.5 \| HT213675 https://support.apple.com/en-gb/HT213675
Patch	tvOS 16.4 \| HT213674 https://support.apple.com/en-gb/HT213674
Guidance	watchOS 9.4 \| HT213678 https://support.apple.com/en-gb/HT213678
Patch	iOS 16.4 and iPadOS 16.4 \| HT213676 https://support.apple.com/en-gb/HT213676
Patch	iOS 15.7.4 and iPadOS 15.7.4 \| HT213673 https://support.apple.com/en-gb/HT213673
Patch	Safari 16.4 \| HT213671 https://support.apple.com/en-gb/HT213671
Patch	Studio Display Firmware Update 16.4 \| HT213672 https://support.apple.com/en-gb/HT213672

CVE Vulnerabilities

Status Published

CVE-2023-23529

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Last edited: 29 March 2023 4:55 pm