Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari

February 14, 2023

Apple has released an emergency update patching an actively exploited 0-day vulnerability that allows a malicious actor to perform remote code execution (RCE) with kernel privileges.

The Zero-Day Vulnerability

  • CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘WebKit’ that could be exploited to trigger OS crashes and lead to RCE with kernel privileges on compromised Macs after a malicious web page is opened.

Affected Products

  • Macs running macOS ‘Ventura’ prior to version 13.2.1.
  • Safari prior to 16.3.1 for macOS Big Sur and macOS Monterey.

Mitigation

CYREBRO recommends updating macOS ‘Ventura’ to version 13.2.1 and ‘Safari’ to version 16.3.1 to mitigate the vulnerability.
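
An added example (not taken from the Apple advisory or from CYREBRO): a POSIX shell check that compares a Mac's macOS and Safari versions against the fixed versions listed above. The function names are hypothetical, and reading Safari's version from /Applications/Safari.app/Contents/Info is an assumption about where Safari is installed.

```sh
#!/bin/sh
# Added example: flag Macs still below the fixed versions for CVE-2023-23529.
# Function names are hypothetical; fixed versions are the ones in this advisory.

# version_lt A B: succeeds when dotted version A is lower than B (3 fields).
version_lt() {
    v1=$1; v2=$2
    for i in 1 2 3; do
        f1=${v1%%.*}; f2=${v2%%.*}
        if [ "${f1:-0}" -lt "${f2:-0}" ]; then return 0; fi
        if [ "${f1:-0}" -gt "${f2:-0}" ]; then return 1; fi
        # Drop the field just compared; pad missing fields with 0.
        case $v1 in *.*) v1=${v1#*.} ;; *) v1=0 ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2=0 ;; esac
    done
    return 1
}

# assess OS_VERSION SAFARI_VERSION: prints affected, patched, unknown or not-listed.
assess() {
    os=$1; safari=$2
    case ${os%%.*} in
        13) # Ventura: fixed in macOS 13.2.1
            if version_lt "$os" 13.2.1; then echo affected; else echo patched; fi ;;
        11|12) # Big Sur / Monterey: fixed in Safari 16.3.1
            if [ -z "$safari" ]; then echo unknown
            elif version_lt "$safari" 16.3.1; then echo affected
            else echo patched; fi ;;
        *) echo not-listed ;;
    esac
}

# check_host: read the versions from the local Mac and print the verdict.
check_host() {
    host_os=$(sw_vers -productVersion)
    # Assumption: Safari is installed at the default path.
    host_safari=$(defaults read /Applications/Safari.app/Contents/Info \
        CFBundleShortVersionString 2>/dev/null || true)
    echo "macOS $host_os, Safari ${host_safari:-unknown}: $(assess "$host_os" "$host_safari")"
}

# Only query the host when running on macOS.
if command -v sw_vers >/dev/null 2>&1; then check_host; fi
```

A result of "unknown" means the Safari version could not be read and should be checked by hand.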

References: Apple Advisory
