PRUEBA AHORA
Vulnerability

Apple’s Emergency Updates Fix 2 New Zero-Day Vulnerabilities

2 min. read
01/12/2023
By Laura Libeer
Generic-Apple-Vulnerability-Featured-Image

⚡ TL;DR | Go Straight to the Apple Vulnerability Audit Report

Apple has released 3 new security updates for iOS, iPadOS, macOS Sonoma, and Safari in response to new zero-day 2 vulnerabilities. These vulnerabilities are already being exploited in the wild against older iOS systems. When successfully exploited, these flaws could lead to arbitrary code execution or disclosure of sensitive information. We have added a new report to Lansweeper to help you locate vulnerable devices.

Apple Vulnerabilities CVE-2023-42916 and CVE-2023-42917

CVE-2023-42916 is an out-of-bounds read issue in the WebKit browser engine. When exploited, the issue could cause sensitive data to be disclosed when processing web content. CVE-2023-42917 is a memory corruption bug, also in WebKit, that could allow an attacker to execute arbitrary code. This can again compromise sensitive data or disrupt operations. For more information, please consult Apple’s Security Release page.

Apple is aware that these vulnerabilities are already being exploited in the wild against versions of iOS before 16.7.1, the iOS version released in October 2023. They have not released any further information regarding the exploitation. However, Google TAG researchers have found that similar zero-days have been used in spyware attacks against high-risk individuals.

Update Vulnerable Apple Devices

To address these vulnerabilities, Apple has released security updates for iOS, iPadOS, macOS Sonoma, and Safari. You can find an overview of all patches on Apple’s security page as well as more information on how to get the latest security updates. You can also find all fixed versions listed below.

Name and information linkAvailable for
Safari 17.1.2macOS Monterey and macOS Ventura
iOS 17.1.2 and iPadOS 17.1.2iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
macOS Sonoma 14.1.2macOS Sonoma

Discover Vulnerable Apple Devices

We have added a new report in Lansweeper to help you locate vulnerable Apple devices. This way you have an actionable list of iOS, iPadOS and macOS devices that are at risk and still need the new updates. You can get the report via the link below. You can also check the version of your Safari installs with the Safari Version Audit report.

Apple Vulnerability Audit Report December 2023