Active Exploitation of Zero-Day Vulnerabilities in Apple WebKit

Published on 01 Dec 2023

Apple has released security updates to address two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) in Apple WebKit. Apple WebKit is a web browser engine used by Safari and other default browsers in iOS. The vulnerabilities are reportedly being actively exploited.

Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information via an out-of-bounds read weakness, or execute arbitrary code via maliciously crafted webpages.

The vulnerabilities affect the following products:
  • iPhone XS and later
  • iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
  • Macs running macOS Monterey, Ventura, Sonoma

Users and administrators of affected products are advised to install the latest security updates immediately.

Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.

More information is available here:
https://support.apple.com/en-us/HT214031
https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-in-emergency-updates/