Security News > 2023 > December > Apple Security Update Fixes Zero-Day Webkit Exploits

Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2.
Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2.
Apple's update said the problem originated in WebKit, the engine used for Apple's browsers, where "Processing web content may lead to arbitrary code execution." The updates fix an out-of-bounds read through improved input validation and repair a memory corruption vulnerability using improved locking.
Apple users should be sure they are running the latest version of their operating system, as a general security best practice as well as in the case of active vulnerabilities such as these.
"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the Chrome team wrote in the post about the security update.
Apple referred us to the security release notes; Google has not responded at the time of publication.
News URL
https://www.techrepublic.com/article/apple-security-update/
Related news
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Update Your iPhone Now to Fix Safari Security Flaw (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)