Apple Security Update Fixes Zero-Day Webkit Exploits

We Keep you Connected

Apple Security Update Fixes Zero-Day Webkit Exploits

Apple Security Update Fixes Zero-Day Webkit Exploits
Your email has been sent
Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs.
Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. The vulnerabilities were discovered by Google’s Threat Analysis group, which has been working on fixes for active Chrome vulnerabilities this week as well.
Jump to:
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” according to Apple’s post about the security updates on Nov. 30. This implies that attackers may be actively using the vulnerabilities.
Apple’s update said the problem originated in WebKit, the engine used for Apple’s browsers, where “processing web content may lead to arbitrary code execution.” The updates fix an out-of-bounds read through improved input validation and repair a memory corruption vulnerability using improved locking.
SEE: Attackers have launched eavesdropping attacks on Apple devices over the last year. (TechRepublic) 
The first vulnerability, the out-of-bounds read, is tracked as CVE-2023-42916. The update addressing it is available for:
The second vulnerability, the memory corruption, is tracked as CVE-2023-42917. The update addressing it is available for:
Information is sparse about the vulnerabilities, which Apple said were investigated by Clément Lecigne at Google’s Threat Analysis Group; the group’s stated mission is to “counter government-backed attacks.”
Apple users should be sure they are running the latest version of their operating system, as a general security best practice as well as in the case of active vulnerabilities such as these. Apple has provided a complete list of the most up-to-date software updates.
The Google Threat Analysis Group also spotted and fixed an out of bounds memory access and six other vulnerabilities in Google Chrome earlier this week. On Nov. 28, Google announced a Chrome update to address the following:
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” the Chrome team wrote in the post about the security update.
TechRepublic contacted Apple and Google for commentary about this story. Apple referred us to the security release notes; Google has not responded at the time of publication.
Whether you want iPhone and Mac tips or the latest enterprise-specific Apple news, we’ve got you covered. Delivered Tuesdays
Whether you want iPhone and Mac tips or the latest enterprise-specific Apple news, we’ve got you covered. Delivered Tuesdays
Apple Security Update Fixes Zero-Day Webkit Exploits
Your email has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
This is a comprehensive list of the best AI art generators. Explore the advanced technology that transforms imagination into stunning artworks.
Find the perfect payroll service for your business without breaking the bank. Discover the top cheap payroll services, features, pricing and pros and cons.
Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.
Free project management software provides flexibility for managing projects without paying a cent. Check out our list of the top free project management tools.
Australian and New Zealand enterprises in the public cloud are facing pressure to optimize cloud strategies due to a growth in usage and expected future demand, including for artificial intelligence use cases.
Some operations and tasks don’t require painstaking attention to detail. Unfortunately, processing payroll isn’t one of them. With sensitive salary and wage information, bank and direct deposit accounts, Social Security numbers and other personal information in play, the stakes are high. This guide — and the accompanying spreadsheet — from TechRepublic Premium will help you …
Quality assurance refers to the processes being used to manage the project and to build the deliverables. This is in contrast to quality control, which refers to the activities used to create the deliverables. Because you are not responsible for the creation of the deliverables (quality control), you need to be comfortable that the outsourcer …
The list of advantages to cloud computing include lowered operational costs, greater technological flexibility and the ability to rapidly implement new systems or services. Gains in business continuity are an especially noteworthy attraction to cloud services, which operate via remote systems that remain running in the event of a local disaster, such as a hurricane …
Business intelligence and data analytics give tech decision makers a clearer idea of how well their companies are running and whether they’re meeting goals. Because BI incorporates data from across the enterprise — revenue operations, sales, supply chain and logistics — its insight is beneficial in areas such as customer profiling, customer support and market …
Get the web’s best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let’s start with the basics.
* – indicates required fields
Lost your password? Request a new password
Please enter your email adress. You will receive an email message with instructions on how to reset your password.
Check your email for a password reset link. If you didn’t receive an email don’t forgot to check your spam folder, otherwise contact support.
This will help us provide you with customized content.
Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add newsletters@nl.technologyadvice.com to your contacts list.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE