Apple has issued a new round of updates to address security holes said to be exploited by attackers in the wild.
iOS 17.1.2 and iPadOS 17.1.2 bring no features to the table. Instead, the updates are meant to squarely address two weaknesses in the WebKit web rendering engine shared by all things Apple.
Tracked as CVE-2023-42916 and CVE-2023-42917, the flaws can be abused to execute “arbitrary” code on a target device, meaning a threat actor could theoretically run malware on the victim’s phone and read sensitive information.
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” warns the Cupertino tech giant, referring to both vulnerabilities.
The two bugs are also squashed in macOS Sonoma 14.1.2. Those who wish to postpone the system update on their Macs can simply update their Safari browser to version 17.1.2.
While there are currently no reports of these flaws actually being used in targeted attacks, zero-day flaws patched by Apple are typically leveraged in state-sponsored hacks on journalists, dissidents, political activists and the like.
The security holes were reported to Apple by Clément Lecigne of Google's Threat Analysis Group (TAG), which focuses on spyware campaigns as described above.
Google itself patched a zero-day in Chrome last week, also reported by Lecigne.
In October, Apple instructed users of older iPhones and iPads still running iOS 15 to deploy a software update that addresses a weakness exploited in spyware attacks.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024