To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Apple have recently issued several security vulnerability update notices, among which Apple Webkit Arbitrary Code Execution Vulnerability (CVE-2023-23529) is a zero-day vulnerability. There are signs that the related vulnerabilities have been exploited recently. Please arrange backup and install updates as soon as possible if you are using the above affected products.

Related vulnerabilities

Apple Webkit Arbitrary Code Execution Vulnerability (CVE-2023-23529)

Due to the type confusion error in Apple Webkit, this vulnerability allows an unauthenticated remote attacker to trick the victim to visit its specially crafted malicious website, which causes Webkit to trigger a type confusion error when processing the web content, and finally execute arbitrary code on the target system. In addition, attackers can combine CVE-2023-23529 and CVE-2023-23514 to escalate privileges and escape the Safari sandbox.

Affected Products

• Apple iOS < 16.3.1, iPadOS < 16.3.1, Apple macOS Ventura < 13.2.1
• Apple watchOS < 9.3.1, Apple tvOS < 16.3.2, Apple Safari < 16.3.1

For more details, please refer to:

• https://support.apple.com/en-us/HT213633 
• https://support.apple.com/en-us/HT213635

Mitigation

If the above-mentioned affected products are being used, please

• arrange testing and install security updates released by Apple as soon as possible;
• pay attention to backup work before updating.

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office