A vulnerability in WebKit was discovered long ago and has been widely exploited. Technically, the vulnerability located in the kernel (CVE-2023-23514) by researchers Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero, involved an application with the ability to execute arbitrary code with kernel privileges. But thanks to the new updates, those holes are already overcome.
Apple on Monday released iOS 16.3.1 and macOS Ventura 13.2.1 to all users. While the company wasn’t clear on what changed with the updates at first, it has now been revealed that macOS Ventura 13.2.1 fixes a security hole in WebKit that has been, as per the words verbatim: “actively exploited”by the attackers. According to an Apple support web page, today’s macOS update fixes an exploit affecting WebKit, the engine behind Apple’s Safari web browser. More specifically, Apple says that it is aware that attackers have been using this exploit to execute arbitrary code.
If you’re wondering if it’s valid for those running older versions of macOS, then yes it is. The patch for the same security exploit can be obtained, because Apple has also released Safari 16.3.1 for macOS Big Sur and macOS Monterey. It is almost mandatory that you update to these latest versions. Because not only is this security hole corrected, it has been widely exploited. If not, many more are corrected, some of them that have not been publicized. That’s why it’s important that you go to the Software Update menu in the System Settings app.
Remember that macOS 13.2 was released and fixed more than 20 security fixes. That it is clear that they prevent applications from accessing sensitive user data, executing arbitrary code with kernel privileges. Don’t let it go.
