Apple deployed an emergency security update late last week. The latter aims to correct two flaws zero-day which had just as much impact on iPhone…than iPads and Macs.
Twenty. Including the vulnerabilities CVE-2023-42916 and CVE-2023-42917, corrected at the end of last week by Apple, this is the total number of vulnerabilities of type zero-day which the firm will have been forced to remedy in 2023. These last two vulnerabilities, corrected urgently, nevertheless had the particularity of concerning the iOS and iPadOS ecosystems as much as macOS… therefore making them particularly critical.
Two flaws affecting WebKit…
As specified by the specialized site BleepingComputer, these two flaws zero-day were discovered in the WebKit browser engine. They therefore allowed potential attackers to access sensitive information by exploiting a reading weakness out-of-bounds. It was then possible for them to execute code on vulnerable devices, thanks to a memory corruption bug, all using compromised web pages.
A few days ago, in a press release, Apple indicated “ Be aware of a report that this issue may have been exploited with versions of iOS prior to iOS 16.7.1. “. There was therefore an urgent need to act. And it is now done.
…now corrected
Apple has indeed announced that it has deployed patches to strengthen data validation and locking, but also and above all to address the two vulnerabilities described above on devices running iOS 17.1.2, iPadOS 17.1.2 and macOS Sonoma 14.1 .2. Note also that the update deployed by Apple also concerns Safari 17.1.2.
Here is the full list of affected devices:
- iPhone XS and later
- iPad Pro 12.9-inch 2nd generation and later; 10.5-inch iPad Pro; iPad Pro 11-inch 1st generation and later; iPad Air 3rd generation and later; iPad 6th generation and later; but also iPad mini 5th generation and later.
- Macs running macOS Monterey, Ventura, Sonoma
Source : BleepingComputer
0