Apple has entered emergency patching mode after discovering multiple zero-day vulnerabilities in WebKit being actively exploited in the wild. The flaws affect all supported versions of iOS, iPadOS, macOS, tvOS, and Safari, potentially impacting hundreds of millions of Apple devices worldwide.
The vulnerabilities, tracked as CVE-2023-32409 and CVE-2023-28204, exist in WebKit's handling of web content. Successful exploitation could allow attackers to execute arbitrary code on vulnerable devices simply by having victims visit specially crafted malicious websites. This type of 'drive-by download' attack requires no user interaction beyond loading a webpage, making it particularly dangerous.
Security researchers analyzing the flaws found they involve memory corruption issues that can be triggered during web content processing. Apple has addressed these with improved memory handling and state management in WebKit. The company acknowledged it's 'aware of reports that these vulnerabilities may have been actively exploited' before patches were available.
This marks Apple's fourth zero-day patch rollout in 2023, continuing a concerning trend of mobile platform vulnerabilities being weaponized before fixes exist. The rapid exploitation underscores how WebKit remains a prime target for attackers because of its central role in Apple's ecosystem: it powers not just Safari but also in-app browsers and other system components.
Enterprise security teams should note that while these are technically browser engine vulnerabilities, they affect far more than just Safari. Any application using WebKit for web rendering could serve as an attack vector. This expands the potential attack surface significantly across both personal and corporate Apple devices.
Apple has released updates for:
- iOS 16.5 and iPadOS 16.5
- macOS Ventura 13.4
- Safari 16.5
- tvOS 16.5
- watchOS 9.5
Organizations managing fleets of Apple devices should prioritize these updates, especially for employees who handle sensitive data or access corporate resources from mobile devices. The active exploitation in targeted attacks suggests threat actors may be focusing on high-value targets, potentially including corporate and government users.
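For teams tracking rollout of these updates, the check below is an added example (not from the article or from Apple) that compares an MDM-style inventory export against the minimum patched versions the article lists and returns every device still below baseline. The inventory lines, hostnames and the `hostname,platform,version` export format are constructed assumptions; substitute your own MDM export.

```python
"""Fleet patch-compliance check for the WebKit zero-day updates listed above.

Added example, not code from the article or from Apple. It compares each
device's reported OS version against the minimum patched version named in
the article for that platform and returns the devices that still need the
update. The inventory below is constructed sample data in an assumed
"hostname,platform,version" CSV layout.
"""
from __future__ import annotations

# Minimum versions that include the fix, as listed in the article.
PATCHED_BASELINE: dict[str, str] = {
    "iOS": "16.5",
    "iPadOS": "16.5",
    "macOS": "13.4",
    "tvOS": "16.5",
    "watchOS": "9.5",
}

# Constructed sample inventory export (hypothetical hosts).
SAMPLE_INVENTORY = """\
mbp-alice,macOS,13.3.1
mbp-bob,macOS,13.4
iphone-carol,iOS,16.4.1
iphone-dave,iOS,16.5
ipad-erin,iPadOS,16.5.1
watch-frank,watchOS,9.4
tv-lobby,tvOS,16.5
old-box,macOS,12.6.6
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '16.4.1' into (16, 4, 1) so versions compare numerically.

    Tuple comparison handles differing lengths correctly:
    (16, 4, 1) < (16, 5) and (16, 5, 1) > (16, 5).
    """
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(platform: str, version: str) -> bool | None:
    """True if version >= baseline, False if below, None if platform unknown.

    A device on an older major release (e.g. macOS 12.x) is reported as below
    baseline: the article lists only the versions above, so such devices need
    attention rather than an assumption about some other patched build.
    """
    baseline = PATCHED_BASELINE.get(platform)
    if baseline is None:
        return None
    return parse_version(version) >= parse_version(baseline)


def find_unpatched(inventory: str) -> list[tuple[str, str, str]]:
    """Return (hostname, platform, version) for every device needing action.

    Unknown platforms are surfaced too, so a typo in the export does not
    silently make a device look compliant.
    """
    unpatched: list[tuple[str, str, str]] = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [field.strip() for field in line.split(",")]
        if len(parts) != 3:
            # Malformed row: skip rather than guess which field is which.
            continue
        hostname, platform, version = parts
        status = is_patched(platform, version)
        if status is False:
            unpatched.append((hostname, platform, version))
        elif status is None:
            unpatched.append((hostname, platform, f"{version} (unknown platform)"))
    return unpatched


if __name__ == "__main__":
    for host, plat, ver in find_unpatched(SAMPLE_INVENTORY):
        print(f"NEEDS UPDATE: {host} ({plat} {ver})")
```

Run against the sample data, the script flags the macOS 13.3.1 and 12.6.6 machines, the iOS 16.4.1 phone and the watchOS 9.4 watch, and passes the devices already on 16.5, 16.5.1, 13.4 and 9.5. Numeric tuple comparison matters here: a plain string comparison would rank "16.10" below "16.5".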
This incident follows similar emergency patches from other major vendors recently, including Mozilla's critical Firefox update addressing a zero-day similar to one recently patched in Chrome. The frequency of these out-of-cycle updates highlights the growing sophistication of threat actors in discovering and weaponizing browser vulnerabilities.