According to Apple, a serious vulnerability in Apple's browser engine WebKit is currently being exploited. 

The vulnerability has the designation CVE-ID 2023-23529. 
The processing of manipulated web content can lead "to the execution of arbitrary code", Apple warns - i.e. even when simply calling up a web page.

It is therefore urgently recommended to apply the emergency update to versions 16.3.1 for iOS and iPadOS and 13.2.1 for macOS.