Image: Foundry
On Thursday, Apple released a slew of updates that bring a few new features to the iPhone and Mac. But much more importantly, the updates include three critical zero-day patches for security vulnerabilities that are known to have been actively exploited. The most alarming of the bugs allow a hacker to access personal data and take over your device via a malicious app.
The WebKit flaws span Apple’s family of devices and have been patched in iOS 16.5iPadOS 16.5, watchOS 9.5, macOS 13.4and tvOS 16.5but also iOS/iPadOS 15.7.6, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, as well as Safari 16.5. All of the updates include the same five WebKit fixes, with three of them known to have been exploited:
WebKit
- Impact: Processing web content may disclose sensitive information
- Description: An out-of-bounds read was addressed with improved input validation.
- With WebKit Bugz: 255075
CVE-2023-32402: an anonymous researcher
WebKit
- Impact: Processing web content may disclose sensitive information
- Description: A buffer overflow issue was addressed with improved memory handling.
- With WebKit Bugz: 254781
CVE-2023-32423: Ignacio Sanmillán (@ulexec)
WebKit
- Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
- Description: The issue was addressed with improved bounds checks.
- With WebKit Bugz: 255350
CVE-2023-32409: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
WebKit
- Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds read was addressed with improved input validation.
- With WebKit Bugz: 254930
CVE-2023-28204: an anonymous researcher
WebKit
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use-after-free issue was addressed with improved memory management.
- With WebKit Bugz: 254840
CVE-2023-32373: an anonymous researcher
Two of the three zero day flaws, CVE-2023-28204 and CVE-2023-32373, were previously patched as part of Apple’s first Rapid Security Response updates for iOS and iPadOS (16.4.1 (a)) and macOS Ventura (13.3.1 (a)).
To update your iPhone or iPad, go to the Settings app, then General and Software Update. On a Mac, go to System Settings, then General and Software Update; on pre-Ventura Macs, find the System Preferences app, then Software Update.
Author: Michael SimonExecutive Editor
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Blue Yeti Game Streaming Kit with Yeti USB Gaming, Podcast Mic, Pop Filter, PC/Mac/PS5 + G733 Lightspeed Wireless Gaming Headset with Suspension Headband, Lightsync RGB, and PRO-G audio - Blackout
$94.48 (as of November 7, 2024 18:52 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
WOGCHANEI Music Lover Advent Calendar Bracelets 2024 for Lover 24 Days Christmas Countdown Calendar DIY Jewelry Making Kit Gift 22 Charm Beads Hangings for Music Fans
$5.99 (as of November 7, 2024 18:48 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Double Story House 2024 Tiny House, Foldable Tiny Home with Well Equipped Bathroom & Kitchen, Portable, Cabin Prefab Space 20 FT, Tiny House to Live in, Modular Homes, Container House, Mobile House
$49,899.00 (as of November 7, 2024 18:52 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
POCKET AIR Car Tire Inflator Portable Air Compressor by Bullseye Pro, Rechargeable 4000MAH Portable Tire Inflator for Car Tire Air Pump Portable, Air Pump for Car Tires with LED Pressure Gauge,7.4V DC
$99.99 (as of November 7, 2024 18:48 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
