Apple responds to zero-day vulnerabilities with hotfixes
Apple has taken urgent action to fix two critical security flaws
Apple has released an urgent update to fix two zero-day vulnerabilities affecting iPhone, iPad and Mac devices. The flaws, located in the WebKit rendering engine, allowed attacks via malicious web pages that could lead to unauthorized memory reading, memory corruption and code execution. The security updates cover a wide range of devices, from the iPhone XS onwards to various iPad and Mac models.
Apple has released urgent security updates to fix two zero-day vulnerabilities affecting iPhone, iPad and Mac devices. These are the 19th and 20th such vulnerabilities addressed since the beginning of the year. According to Apple, versions prior to iOS 16.7.1 may have been subject to attacks exploiting these security flaws, signaling timely intervention to prevent further exploits.
Identification and impact of security flaws
The vulnerabilities, tracked as CVE-2023-42916 and CVE-2023-42917, reside in the WebKit rendering engine. Attacks via malicious web pages could lead to unauthorized memory reading and arbitrary code execution. Apple has mitigated the issues with updates that introduce improved input validation and strengthened security mechanisms, available for devices running iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2.
List of affected Apple devices
The updates affect a broad spectrum of Apple devices, which include: iPhone starting from the XS model, various generations of iPad Pro, iPad Air from the third generation onwards, iPad from the sixth generation and iPad mini from the fifth. Macs with macOS Monterey, Sonoma and Ventura also need the update. The flaws were discovered and reported by Clément Lecigne of the Google Threat Analysis Group (TAG).
Zero-day vulnerability situation in 2023
The CVE-2023-42916 and CVE-2023-42917 vulnerabilities are just the latest in a series of zero-days faced by Apple this year. Previously, Google's TAG also revealed another flaw (CVE-2023-42824) in the XNU kernel, while Citizen Lab and Google TAG discovered three vulnerabilities (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993) exploited to spread the Predator malware. Since the beginning of the year, Apple has also patched other zero-day vulnerabilities, demonstrating an ongoing focus and commitment to protecting its users against such threats.
11/30/2023 20:50
Editorial AI