iPhone and Mac Users Beware: PoC Exploit for CVE-2023-41993 Zero-Day Released
On October 15, 2023, a security researcher released a proof-of-concept (PoC) exploit for a zero-day vulnerability (CVE-2023-41993) affecting iPhone and Mac users. The vulnerability has a CVSS score of 9.8 and is found in the WebKit browser engine, which is used in various Apple services, including Safari. The flaw could allow a remote attacker to execute arbitrary code on the victim's system by luring them into opening malicious web content. Apple acknowledged that earlier versions of iOS, before iOS 16.7, might have been prime targets for active exploitation using this flaw.

The vulnerability was discovered by Bill Marczak from The Citizen Lab at The University of Toronto's Munk School and Maddie Stone from Google's Threat Analysis Group. The bug is based on a confusion or error regarding data offsets within the WebKit component, which can be manipulated to create a type mismatch between two distinct objects in the system. The researcher shared a PoC exploit on GitHub detailing the zero-day CVE-2023-41993 vulnerability.

Apple introduced fixes for the zero-day vulnerabilities in macOS 12.7/13.6, iOS 16.7/17.0.1, iPadOS 16.7/17.0.1, and watchOS 9.6.3/10.0.1, addressing the WebKit issue and improving certificate validation checks.

CVEs: CVE-2023-41993

[View Article](https://securityonline.info/iphone-and-mac-users-beware-poc-exploit-for-cve-2023-41993-zero-day-released/)