Apple Patched Two Zero-Days This Week
Apple released patches for its devices this week to patch two recently-discovered zero-days. If you have an iPhone, iPad, or Mac, you should make sure it is fully updated to ensure your personal and business data is protected. The updates, iOS 17.1.2, iPadOS 17.1.2, and macOS 14.1.2, address two security vulnerabilities affecting WebKit, the underlying platform that powers Apple’s Safari
Apple released patches for its devices this week to patch two recently-discovered zero-days. If you have an iPhone, iPad, or Mac, you should make sure it is fully updated to ensure your personal and business data is protected.
The updates, iOS 17.1.2, iPadOS 17.1.2, and macOS 14.1.2, address two security vulnerabilities affecting WebKit, the underlying platform that powers Apple’s Safari web browser. Even if you don’t use Safari, this update is important, not least of which because all browsers on iOS are built on WebKit.
As these vulnerabilities are zero-days, Apple has confirmed known exploits may exist in the wild. There’s no telling how many bad actors know about the exploits, nor how many users have been targeted using it, but the fact there is a known exploit means updating is essential.
The vulnerabilities can be seen below:
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input validation.
WebKit Bugzilla: 265041
CVE-2023-42916: Clément Lecigne of Google’s Threat Analysis Group
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with improved locking.
WebKit Bugzilla: 265067
CVE-2023-42917: Clément Lecigne of Google’s Threat Analysis Group
To update your iPhone or iPad, go to Settings -> General -> Software Update. To update your Mac, go to System Settings -> General -> Software Update.
Share This
More Articles
May. 14, 2024
Recommendations for Passwords on National Password Day
May. 14, 2024
Apple’s Latest Update for iPhone Patches 15 Security Vulnerabilities
May. 07, 2024
Hackers Break Into Dropbox Sign, Stealing Customer Information
May. 07, 2024
How “Voice Isolation” Can Make Your iPhone Calls Clearer
Apr. 30, 2024
Microsoft May Be Trying to Earn Back Trust in Cybersecurity
View All