Apple patches urgent WebKit zero-day flaw — update these iPhones right now

iPhone SE
(Image credit: Future)

After releasing a series of emergency security updates to patch a new WebKit zero-day flaw last month, Apple has now backported these patches to older iPhones and iPads.

The vulnerability (tracked as CVE-2023-23529) is a WebKit type confusion issue that was discovered by an anonymous researcher. If exploited by an attacker though, it could be used to execute arbitrary code on vulnerable iPhones, iPads and Macs after a user navigates to a malicious website.

While the best iPhones and best iPads were patched back in February with the release of iOS 16.3.1 and iPadOS 16.3.1, Apple is now bringing a fix for the issue to its older devices, according to a new report from BleepingComputer. This is great news especially since a recent report indicated that this WebKit zero-day “may have been actively exploited” in the wild.

Although we know that hackers may have leveraged this flaw in their attacks, Apple has remained quite tight-lipped and hasn’t provided any details. However, the company often operates this way so that its customers have more time to update their devices. Once hackers know how another attacker has exploited a zero-day vulnerability, many of them will try and launch similar attacks using it.

Which iPhones are receiving updates?

Unlike with the best Android phones that no longer receive security updates once they’ve reached their end of support date, Apple knows that many of its customers continue to use older iPhones.

For instance, back in January, the almost a decade old iPhone 5s received a security update for a remotely exploitable zero-day flaw. If you’re curious as to whether or not you can keep using an older smartphone, check out our guide on when an old smartphone becomes unsafe to use.

This time around, Apple has backported its recent security update to the iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen) and even the iPod touch (7th gen).

If you’re still using one of these devices, it’s highly recommended that you download and install this new security update when it becomes available. This way you can stay safe from hackers looking to exploit this flaw in their attacks since they often target users that fail to update their devices.

How to keep your iPhone safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

Besides keeping your iPhone and other Apple devices updated with the latest software and security patches, there are some other steps you can take to help keep them more secure.

Although there isn’t an iPhone equivalent for the best Android antivirus apps due to Apple’s restrictions on malware scanning, one of the best Mac antivirus software solutions does offer a workaround. With either Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9, you can hook up your iPhone or iPad to your Mac and have the software scan your devices for malware.

For general iPhone security though, you want to avoid opening emails and attachments from unknown senders and you also want to be careful regarding which apps you install on your devices. The Apple App Store has loads of security restrictions in place but malicious apps do manage to slip through the cracks from time to time.

Even if you’re not ready to buy an iPhone 14 just yet, it’s good to see that Apple continues to support its older devices longer after many other companies would have abandoned them.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
iPhone 16 Pro shown held in hand
Apple just patched its first zero-day flaw of the year — update your iPhone and Mac right now
Apple iPhone 16 held in the hand.
iOS 18.3.1 — update your iPhone right now to fix critical zero-day vulnerability
iOS 18 home screen customization features
Apple will no longer allow users to downgrade from iOS 18.3 — here’s why
Google Pixel 9 held in the hand.
Google just fixed a zero-day kernel flaw used by hackers and 47 other vulnerabilities — update your Android phone right now
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Latest in iPhones
iPhone 17 Air render
iPhone 17 Air — new survey could be bad news for Apple's super thin iPhone
Render of the alleged design of the iPhone 17 Pro
New iPhone 17 Pro dummy leak highlights redesigned camera and part glass body
Siri in iOS 18 on iPhone
Users complain that Siri can’t answer even the most basic questions — here’s what we know
iPhone 16 next to samsung galaxy watch 7 and bose wireless earbuds on a composite image
Apple's walled garden is crumbling — EU orders iOS to open up to third-party devices
Apple iPhone 16 & 16 Plus hands-on.
Forget USB-C — a truly portless iPhone just got the all-clear from the EU
iPhone Flip render
iPhone Flip could solve one of the biggest problems with foldable phones — here's how
Latest in News
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far
iPhone 17 Pro render
iPhone 17 Pro — 7 biggest rumored upgrades
CAD renderings of the Google Pixel 10 Pro XL
Pixel 10 leak could be good news for all Android phones
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
Lewis Hamilton of Great Britain and Scuderia Ferrari looks on during Sprint Qualifying ahead of the F1 Grand Prix of China at Shanghai International Circuit in Shanghai, China, on March 21, 2025. (Photo by Song Haiyuan/Paddocker/NurPhoto via Getty Images)
How to watch Chinese Grand Prix 2025 online – stream F1 without cable, qualifying highlights