Apple is releasing updated versions of its primary iOS and macOS platforms to address multiple WebKit vulnerabilities exploited in the wild as zero-day threats.
The latest iOS 17.3 and macOS Sonoma 14.3 updates address at least 16 documented vulnerabilities that leave Apple users susceptible to code execution, denial-of-service, and data exposure attacks.
Apple has drawn immediate attention to three critical WebKit security flaws that have already been exploited in zero-day attacks. However, in line with its standard practice, Apple has not disclosed technical details or indicators of compromise (IOCs) that would help defenders identify potential compromises.
According to a concise iOS 17.3 advisory, one of the WebKit vulnerabilities, CVE-2024-23222, might have been exploited against newer operating system versions. The advisory warns that processing maliciously crafted web content could result in arbitrary code execution, and that Apple is aware of a report of exploitation. The company states that it addressed the issue, a type confusion problem, with improved checks.
Another advisory highlights two WebKit bugs, CVE-2023-42916 and CVE-2023-42917, potentially exploited against iOS versions predating iOS 16.7.1.
In addition to the WebKit fixes, the iOS and macOS updates also address security issues in various components, including the Apple Neural Engine, CoreCrypto, Mail Search, Reset Services, Shortcuts, and Time Zone.