Apple has urgently released security updates to address two zero-day vulnerabilities that were actively being exploited.
These vulnerabilities impact iPhones, iPads, and Mac devices. They were discovered in the WebKit browser engine (CVE-2023-42916 and CVE-2023-42917). Using maliciously crafted webpages, attackers can access sensitive information through an out-of-bounds read weakness and execute arbitrary code via a memory corruption bug on vulnerable devices. Apple has addressed these flaws in devices running iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2 through enhanced input validation and locking. The impacted Apple devices include iPhone XS and later, various iPad models, and Macs running macOS Monterey, Ventura, and Sonoma. These vulnerabilities mark the 19th and 20th zero-day flaws exploited in the wild that Apple has fixed in 2023. Users are strongly encouraged to update their devices as soon as possible.
https://support.apple.com/en-us/HT214031
This segment was created for the It’s 5:05 podcast
https://505updates.com/2023-12-01-cybersecurity-and-open-source-headlines/