Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Dec 2, 2023 | Zero-Day | 0 comments

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.

The vulnerabilities, both of which reside in the WebKit web browser engine, are described below –

  • CVE-2023-42916 – An out-of-bounds read issue that could be exploited to leak sensitive information when processing web content.
  • CVE-2023-42917 – A memory corruption bug that could result in arbitrary code execution when processing web content.

Apple said it’s aware of reports exploiting the shortcomings “against versions of iOS before iOS 16.7.1,” which was released on October 10, 2023. Clément Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the twin flaws.


The iPhone maker did not provide additional information regarding ongoing exploitation, but previously disclosed zero-days in iOS have been used to deliver mercenary spyware targeting high-risk individuals, such as activists, dissidents, journalists, and politicians.

It’s worth pointing out here that every third-party web browser available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edge, is powered by the WebKit rendering engine due to restrictions imposed by Apple, so a WebKit flaw affects all of them and makes the engine a lucrative and broad attack surface.

The updates are available for the following devices and operating systems –

  • iOS 17.1.2 and iPadOS 17.1.2 – iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • macOS Sonoma 14.1.2 – Macs running macOS Sonoma
  • Safari 17.1.2 – Macs running macOS Monterey and macOS Ventura
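The following script is an added example, not code from the article or from Apple: it turns the fixed-version list above into a check a defender can run over inventory data or on a single Mac. It compares dotted version strings numerically (a plain string comparison gets 17.1.2 vs 17.10 wrong) and encodes the article's branch rule that Sonoma hosts need macOS 14.1.2 while Monterey and Ventura hosts are fixed through Safari 17.1.2. The `sw_vers` and `defaults read` calls at the end are only attempted when those tools exist, so the script also runs on non-Apple systems; the version strings in the comments are constructed test values.

```shell
#!/bin/sh
# Added example (not from the article): version checks for the WebKit fixes
# listed above. Fixed versions per the article: iOS/iPadOS 17.1.2,
# macOS Sonoma 14.1.2, Safari 17.1.2 (for Monterey and Ventura).

# vercmp A B: print -1, 0 or 1 for A<B, A=B, A>B, comparing each dotted
# component numerically. Missing trailing components count as 0, so
# 14.1 < 14.1.2. Non-numeric suffixes (e.g. beta tags) are not handled.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
        if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    echo 0
}

# fixed_version PRODUCT: the minimum version that carries the fix.
fixed_version() {
    case "$1" in
        ios|ipados) echo 17.1.2 ;;
        macos)      echo 14.1.2 ;;
        safari)     echo 17.1.2 ;;
        *)          echo "" ;;
    esac
}

# is_patched PRODUCT VERSION: exit 0 if VERSION >= fixed version,
# 1 if below it, 2 if the product is not in the table.
is_patched() {
    fv=$(fixed_version "$1")
    [ -z "$fv" ] && return 2
    r=$(vercmp "$2" "$fv")
    [ "$r" -ge 0 ] && return 0
    return 1
}

# check_mac OSVER SAFARIVER: Sonoma (14.x) must be at 14.1.2; Monterey (12.x)
# and Ventura (13.x) get the fix via Safari 17.1.2 instead. Other majors
# are not covered by the article's list, so return 2 (unknown).
check_mac() {
    major="${1%%.*}"
    case "$major" in
        14)    is_patched macos "$1" ;;
        12|13) is_patched safari "$2" ;;
        *)     return 2 ;;
    esac
}

# Optional local report, only on a Mac (constructed values are used in the
# accompanying checks; this part reads the live host).
if command -v sw_vers >/dev/null 2>&1; then
    osv=$(sw_vers -productVersion)
    sfv=$(defaults read /Applications/Safari.app/Contents/Info.plist \
          CFBundleShortVersionString 2>/dev/null || echo 0)
    if check_mac "$osv" "$sfv"; then
        echo "macOS $osv / Safari $sfv: at or above the fixed version"
    else
        echo "macOS $osv / Safari $sfv: not at a listed fixed version, update"
    fi
fi
```

For fleet use, feed `check_mac` one line per host from an MDM export; a device on the iOS 16 branch compares below 17.1.2 because the article lists no 16.x update for these two CVEs, which is the conservative result you want from an inventory check.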

With the latest security fixes, Apple has remediated as many as 19 actively exploited zero-days since the start of 2023. It also comes days after Google shipped fixes for a high-severity flaw in Chrome (CVE-2023-6345) that has also come under real-world attacks, making it the seventh zero-day to be patched by the company this year.
