article featured image


Apple is backporting two security patches released on Friday. The updated patches address zero-day vulnerabilities on iPhones, iPads, and Macs.

Details About the Vulnerabilities

The first flaw, tracked as CVE-2023-28206, is an out-of-bounds write issue. This bug may permit threat actors to execute arbitrary code with kernel privileges on unpatched devices using malicious apps.

Apple is aware of a report that this issue may have been actively exploited.


The second zero-day vulnerability, tracked as CVE-2023-28205, is a WebKit use after free. Cybercriminals can leverage it to execute malicious code after the user loads a malicious website page.

Today, Apple addressed the zero-days in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 by improving input validation and memory management.


The following list of devices has reportedly had the issues fixed, according to the tech giant:

  • iPhone 6s (all models)
  • iPhone 7 (all models)
  • iPhone SE (1st generation)
  • iPad Air 2
  • iPad mini (4th generation)
  • iPod touch (7th generation)
  • Macs running macOS Monterey and Big Sur

Context for the Flaws

Google’s Threat Analysis Group and Amnesty International’s Security Lab confirmed that the vulnerabilities were exploited in attacks. Researchers warn that these types of flaws are often used by government-backed threat actors to deploy spyware on targets’ devices.

Apple patched another WebKit zero-day (CVE-2023-23529) in mid-February. The hackers used the flaw to trigger crashes and gain code execution on iOS, iPadOS, and macOS devices.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.