Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

0

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.

The vulnerabilities, both of which reside in the WebKit web browser engine, are described below –

Apple said it’s aware of reports exploiting the shortcomings “against versions of iOS before iOS 16.7.1,” which was released on October 10, 2023. ClĂ©ment Lecigne of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the twin flaws.

The iPhone maker did not provide additional information regarding ongoing exploitation, but previously disclosed zero-days in iOS have been used to deliver mercenary spyware targeting high-risk individuals, such as activists, dissidents, journalists, and politicians.

It’s worth pointing out here that every third-party web browser that’s available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edge, and others, are powered by the WebKit rendering engine due to restrictions imposed by Apple, making it a lucrative and broad attack surface.

The updates are available for the following devices and operating systems –

With the latest security fixes, Apple has remediated as many as 19 actively exploited zero-days since the start of 2023. It also comes days after Google shipped fixes for a high-severity flaw in Chrome (CVE-2023-6345) that has also come under real-world attacks, making it the seventh zero-day to be patched by the company this year.

LEAVE A REPLY

Please enter your comment!
Please enter your name here