Apple has issued an urgent patch to address a zero-day flaw that has been actively exploited in the wild. The vulnerability, tracked as CVE-2023-37450, affects iOS, iPadOS, macOS, and Safari. The company has urged users to update their devices immediately to protect against potential attacks.
The flaw was discovered by an anonymous researcher and was found to be a type confusion issue in the IOMobileFrameBuffer of Apple’s operating systems. This could allow an application to execute arbitrary code with kernel privileges, providing full control over the affected device.
Apple has released iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.4.1, and Safari 15.1.1 to address this vulnerability. The company has not disclosed any details about the attacks exploiting this flaw, but it has confirmed that it has evidence of the vulnerability being exploited in the wild.
The company’s support page provides detailed instructions on how to update your Apple devices. For iOS and iPadOS, go to Settings > General > Software Update. On macOS, go to Apple menu > System Preferences, then click Software Update. For Safari, ensure that your device is updated to the latest version of macOS, iOS, or iPadOS, as Safari updates are included within these.
Apple has thanked the anonymous researcher for disclosing the vulnerability and has reiterated its commitment to user security and privacy. The company has also reminded users to only download applications from trusted sources, such as the App Store, to further protect their devices.