iPhones and Macs get patches for two vulnerabilities

Apple warned customers of the latest zero-day vulnerabilities affecting several of its products, releasing an emergency security update on Thursday.

The vulnerabilities — CVE-2023-42916 and CVE-2023-42917 — were discovered by Clément Lecigne of Google’s Threat Analysis Group and affect iPhone XS and later; several models of iPads; and Macs running macOS Monterey, Ventura or Sonoma.

“Processing web content may disclose sensitive information,” the company said in all three advisories.

“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.”

The Cybersecurity and Infrastructure Security Agency (CISA) released its own warning about the vulnerabilities, urging Apple customers to apply the available patches.

Michael Covington, a vice president at Apple device security and management company Jamf, told Recorded Future News that the bugs revolve around Apple’s WebKit.

The exploits involving the vulnerabilities, according to Covington, show that attackers continue to focus on finding flaws in the framework that downloads and presents web-based content.

“The latest bugs could lead to both data leakage and arbitrary code execution, and appear to be tied to targeted attacks that are common against high-risk users,” he said.

“Though these patches validate that Apple devices are not immune to cyber threats, the patching process is helping to reduce the attack surface. Now that the patches are issued, it is up to users, and organizations that utilize Apple devices for work, to update their devices and monitor for compliance to ensure that all critical devices are no longer vulnerable as soon as possible.”

Apple previously warned in October about hackers exploiting CVE-2023-42824 – a vulnerability affecting iPhone XS and later as well as several versions of the iPad Pro and Air.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
