Apple patches urgent WebKit zero-day flaw — update these iPhones right now
Published March 28, 2023
Emergency security update has been backported to older iPhones and iPads
After releasing a series of emergency security updates to patch a new WebKit zero-day flaw last month, Apple has now backported these patches to older iPhones and iPads.
The vulnerability (tracked as CVE-2023-23529) is a WebKit type confusion issue that was discovered by an anonymous researcher. If exploited, it could allow an attacker to execute arbitrary code on vulnerable iPhones, iPads and Macs after a user navigates to a malicious website.
While the best iPhones and best iPads were patched back in February with the release of iOS 16.3.1 and iPadOS 16.3.1, Apple is now bringing a fix for the issue to its older devices, according to a new report from BleepingComputer. This is great news, especially since a recent report indicated that this WebKit zero-day “may have been actively exploited” in the wild.
Although we know that hackers may have leveraged this flaw in their attacks, Apple has remained quite tight-lipped and hasn’t provided any details. However, the company often operates this way so that its customers have more time to update their devices. Once hackers know how another attacker has exploited a zero-day vulnerability, many of them will try to launch similar attacks using it.
Which iPhones are receiving updates?
Unlike with the best Android phones that no longer receive security updates once they’ve reached their end of support date, Apple knows that many of its customers continue to use older iPhones.
For instance, back in January, the almost decade-old iPhone 5s received a security update for a remotely exploitable zero-day flaw. If you’re curious as to whether or not you can keep using an older smartphone, check out our guide on when an old smartphone becomes unsafe to use.
This time around, Apple has backported its recent security update to the iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen) and even the iPod touch (7th gen).
If you’re still using one of these devices, it’s highly recommended that you download and install this new security update when it becomes available. This way you can stay safe from hackers looking to exploit this flaw in their attacks since they often target users that fail to update their devices.
Besides keeping your iPhone and other Apple devices updated with the latest software and security patches, there are some other steps you can take to help keep them more secure.
Although there isn’t an iPhone equivalent for the best Android antivirus apps due to Apple’s restrictions on malware scanning, one of the best Mac antivirus software solutions does offer a workaround. With either Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9, you can hook up your iPhone or iPad to your Mac and have the software scan your devices for malware.
For general iPhone security though, you want to avoid opening emails and attachments from unknown senders and you also want to be careful regarding which apps you install on your devices. The Apple App Store has loads of security restrictions in place but malicious apps do manage to slip through the cracks from time to time.
Even if you’re not ready to buy an iPhone 14 just yet, it’s good to see that Apple continues to support its older devices long after many other companies would have abandoned them.
Senior Editor Security and Networking
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.