Security News > 2023 > December > Apple Security Update Fixes Zero-Day Webkit Exploits
Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2.
Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2.
Apple's update said the problem originated in WebKit, the engine used for Apple's browsers, where "Processing web content may lead to arbitrary code execution." The updates fix an out-of-bounds read through improved input validation and repair a memory corruption vulnerability using improved locking.
Apple users should be sure they are running the latest version of their operating system, as a general security best practice as well as in the case of active vulnerabilities such as these.
"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the Chrome team wrote in the post about the security update.
Apple referred us to the security release notes; Google has not responded at the time of publication.
News URL
https://www.techrepublic.com/article/apple-security-update/
Related news
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
- Oracle warns that macOS 14.4 update breaks Java on Apple CPUs (source)
- U.S. Justice Department Sues Apple Over Monopoly and Messaging Security (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Apple's GoFetch silicon security fail was down to an obsession with speed (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (source)
- OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories (source)
- Exploit code for Palo Alto Networks zero-day now public (source)