Security News > 2023 > December > Apple Security Update Fixes Zero-Day Webkit Exploits
Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2.
Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2.
Apple's update said the problem originated in WebKit, the engine used for Apple's browsers, where "Processing web content may lead to arbitrary code execution." The updates fix an out-of-bounds read through improved input validation and repair a memory corruption vulnerability using improved locking.
Apple users should be sure they are running the latest version of their operating system, as a general security best practice as well as in the case of active vulnerabilities such as these.
"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the Chrome team wrote in the post about the security update.
Apple referred us to the security release notes; Google has not responded at the time of publication.
News URL
https://www.techrepublic.com/article/apple-security-update/
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- AlmaLinux 9.5 released: Security updates, new packages, and more! (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 (source)
- Apple Patches Two Zero-Day Attack Vectors (source)