Apple released security updates for macOS and iOS that address critical vulnerabilities in the WebKit browsing engine that have been exploited in attacks against older mobile devices. These flaws could allow attackers to hijack sensitive content or execute arbitrary code through malicious web content. The updates (iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2) fix the WebKit memory safety bugs, CVE-2023-42916 and CVE-2023-42917, and mitigate potential exploits. Clément Lecigne of Google’s Threat Analysis Group (TAG) is credited with discovering these vulnerabilities, which have been actively exploited by commercial spyware vendors that target iPhone zero-day vulnerabilities. Apple’s advisories did not provide specific details about the exploitation in the wild.
Read more: https://www.securityweek.com/apple-patches-webkit-flaws-exploited-on-older-iphones/