Apple Patches Critical WebKit Vulnerabilities in iOS and iPadOS Updates
Apple has released security updates addressing two critical WebKit vulnerabilities that left millions of iPhones and iPads exposed to potential attacks. The flaws, identified in the engine powering Safari and all iOS browsers, could allow malicious websites to execute harmful code, granting attackers control over devices and access to sensitive data, including passwords and payment details.
The vulnerabilities were reportedly exploited in a sophisticated attack targeting specific individuals, as confirmed by Apple in late 2023. While the company released fixes in iOS 26.2 and iPadOS 26.2, adoption remains low only about 20% of users have installed the update, leaving the majority of devices at risk.
WebKit flaws stem from memory-related errors, enabling attackers to exploit them simply by luring users to a compromised webpage. Since WebKit underpins all iOS and iPadOS browsers, a single vulnerability can impact millions of devices.
Affected Devices:
- iPhone 11 and later
- iPad Pro 12.9-inch (3rd generation) and later
- iPad Pro 11-inch (1st generation) and later
- iPad Air (3rd generation) and later
- iPad (8th generation) and later
- iPad mini (5th generation) and later
Apple continues to urge users to update to the latest software versions to mitigate risks, as future security releases will build on these fixes. Devices running outdated software remain vulnerable to exploitation.
Source: https://www.newsweek.com/apple-security-risk-full-list-iphones-ipads-11387901
AppleInsider cybersecurity rating report: https://www.rankiteo.com/company/appleinsider
"id": "APP1768941532",
"linkid": "appleinsider",
"type": "Vulnerability",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Millions of iPhone and iPad '
'users',
'industry': 'Consumer Electronics, Software',
'location': 'Global',
'name': 'Apple',
'size': 'Large',
'type': 'Technology Company'}],
'attack_vector': 'Malicious websites',
'customer_advisories': 'Urging users to update to the latest software '
'versions.',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive data, passwords, '
'payment details'},
'date_detected': '2023',
'date_publicly_disclosed': '2023',
'description': 'Apple has released security updates addressing two critical '
'WebKit vulnerabilities that left millions of iPhones and '
'iPads exposed to potential attacks. The flaws could allow '
'malicious websites to execute harmful code, granting '
'attackers control over devices and access to sensitive data, '
'including passwords and payment details.',
'impact': {'data_compromised': 'Passwords, payment details, sensitive data',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'iOS and iPadOS devices'},
'initial_access_broker': {'high_value_targets': 'Specific individuals'},
'post_incident_analysis': {'corrective_actions': 'Patches for '
'vulnerabilities, urging '
'users to update',
'root_causes': 'WebKit memory-related errors'},
'recommendations': 'Update to the latest iOS and iPadOS versions to mitigate '
'risks.',
'references': [{'source': 'Apple Security Updates'}],
'response': {'communication_strategy': 'Urging users to update to the latest '
'software versions',
'containment_measures': 'Security updates (iOS 26.2 and iPadOS '
'26.2)',
'remediation_measures': 'Patches for WebKit vulnerabilities'},
'title': 'Apple Patches Critical WebKit Vulnerabilities in iOS and iPadOS '
'Updates',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'WebKit memory-related errors'}