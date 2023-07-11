Apple is rolling out a new set of Rapid Security Response (RSR) updates to address its tenth zero-day vulnerability in 2023, Bleeping Computer reports.

The new zero-day has been exploited in attacks and impacted entirely up-to-date iPhones, Macs, and iPads.

The flaw was found in Apple’s WebKit browser engine, and its exploitation allowed attackers to gain arbitrary code execution on target devices by tricking users into opening malicious web pages.

“Apple is aware of a report that this issue may have been actively exploited,” Apple said in its iOS and MacOS notices regarding the vulnerability.

“This Rapid Security Response provides important security fixes and is recommended for all users.”

Apple tackled the vulnerability by implementing improved checks to dampen exploitation attempts.

This is the tenth zero-day impacting iPhones, Macs, and iPads that Apple has had to patch in 2023.

A previous incident saw Apple address three vulnerabilities exploited to deploy triangulation spyware on iPhones.

Kaspersky dubbed the iOS spyware campaign “Operation Triangulation”, and attackers could deploy the implant — TriangleDB — once they obtained root privileges on a target device by exploiting the kernel vulnerability.

“It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted,” Kaspersky said.

“Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again.”

“In case no reboot occurs, the implant uninstalls itself after 30 days unless this period is extended by the attackers,” it added.

Before these, Apple addressed three zero-days in May, two in April, and another in February 2023.

Now read: Security flaw threatens hundreds of solar power stations