Apple Patched Two Zero-Days This Week
Apple released patches for its devices this week to patch two recently-discovered zero-days. If you have an iPhone, iPad, or Mac, you should make sure it is fully updated to ensure your personal and business data is protected. The updates, iOS 17.1.2, iPadOS 17.1.2, and macOS 14.1.2, address two security vulnerabilities affecting WebKit, the underlying platform that powers Apple’s Safari
Apple released patches for its devices this week to patch two recently-discovered zero-days. If you have an iPhone, iPad, or Mac, you should make sure it is fully updated to ensure your personal and business data is protected.
The updates, iOS 17.1.2, iPadOS 17.1.2, and macOS 14.1.2, address two security vulnerabilities affecting WebKit, the underlying platform that powers Apple’s Safari web browser. Even if you don’t use Safari, this update is important, not least of which because all browsers on iOS are built on WebKit.
As these vulnerabilities are zero-days, Apple has confirmed known exploits may exist in the wild. There’s no telling how many bad actors know about the exploits, nor how many users have been targeted using it, but the fact there is a known exploit means updating is essential.
The vulnerabilities can be seen below:
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input validation.
WebKit Bugzilla: 265041
CVE-2023-42916: Clément Lecigne of Google’s Threat Analysis Group
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with improved locking.
WebKit Bugzilla: 265067
CVE-2023-42917: Clément Lecigne of Google’s Threat Analysis Group
To update your iPhone or iPad, go to Settings -> General -> Software Update. To update your Mac, go to System Settings -> General -> Software Update.
Share This