Apple has released 3 new security updates for iOS, iPadOS, macOS Sonoma, and Safari in response to 2 new zero-day vulnerabilities. These vulnerabilities are already being exploited in the wild against older iOS systems. When successfully exploited, these flaws could lead to arbitrary code execution or disclosure of sensitive information. We have added a new report to Lansweeper to help you locate vulnerable devices.
Apple Vulnerabilities CVE-2023-42916 and CVE-2023-42917
CVE-2023-42916 is an out-of-bounds read issue in the WebKit browser engine. When exploited, the issue could cause sensitive data to be disclosed when processing web content. CVE-2023-42917 is a memory corruption bug, also in WebKit, that could allow an attacker to execute arbitrary code. This can again compromise sensitive data or disrupt operations. For more information, please consult Apple’s Security Release page.
Apple is aware that these vulnerabilities are already being exploited in the wild against versions of iOS before 16.7.1, the iOS version released in October 2023. They have not released any further information regarding the exploitation. However, Google TAG researchers have found that similar zero-days have been used in spyware attacks against high-risk individuals.
Update Vulnerable Apple Devices
To address these vulnerabilities, Apple has released security updates for iOS, iPadOS, macOS Sonoma, and Safari. You can find an overview of all patches on Apple’s security page as well as more information on how to get the latest security updates. You can also find all fixed versions listed below.
| Name and information link | Available for |
| --- | --- |
| Safari 17.1.2 | macOS Monterey and macOS Ventura |
| iOS 17.1.2 and iPadOS 17.1.2 | iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later |
| macOS Sonoma 14.1.2 | macOS Sonoma |
Discover Vulnerable Apple Devices
We have added a new report in Lansweeper to help you locate vulnerable Apple devices. This way you have an actionable list of iOS, iPadOS and macOS devices that are at risk and still need the new updates. You can get the report via the link below. You can also check the version of your Safari installs with the Safari Version Audit report.
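The version check behind such an audit can be sketched as follows. This is an added example, not Lansweeper's report logic: the inventory rows and field names are constructed, and it assumes any device below a fixed version from the table above still needs the update, with macOS Monterey and Ventura judged by their Safari version.

```python
# Fixed versions copied from the table on this page.
FIXED_MOBILE = {"iOS": (17, 1, 2), "iPadOS": (17, 1, 2)}
FIXED_SONOMA = (14, 1, 2)
FIXED_SAFARI = (17, 1, 2)  # shipped separately for macOS Monterey (12) and Ventura (13)

def parse_version(text):
    """'17.1' -> (17, 1, 0), so short version strings compare correctly."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_update(device):
    """Return a reason string when the device is below a listed fix, else None."""
    os_name, os_ver = device["os"], parse_version(device["os_version"])
    if os_name in FIXED_MOBILE:
        below = os_ver < FIXED_MOBILE[os_name]
        return f"{os_name} {device['os_version']} < 17.1.2" if below else None
    if os_name == "macOS" and os_ver[0] == 14:
        below = os_ver < FIXED_SONOMA
        return f"macOS {device['os_version']} < 14.1.2" if below else None
    if os_name == "macOS" and os_ver[0] in (12, 13):
        safari = device.get("safari_version")
        if safari is None:
            return "Safari version not inventoried"
        below = parse_version(safari) < FIXED_SAFARI
        return f"Safari {safari} < 17.1.2" if below else None
    # Assumption: anything outside the table is left for manual review.
    return "not covered by the listed updates, review manually"

def audit(inventory):
    """Map device name -> reason for every device that still needs attention."""
    return {d["name"]: r for d in inventory if (r := needs_update(d))}

# Constructed sample inventory (names and versions are made up for the example).
INVENTORY = [
    {"name": "iphone-01", "os": "iOS", "os_version": "16.7.1"},
    {"name": "iphone-02", "os": "iOS", "os_version": "17.1.2"},
    {"name": "ipad-01", "os": "iPadOS", "os_version": "17.1"},
    {"name": "mac-01", "os": "macOS", "os_version": "14.1.1"},
    {"name": "mac-02", "os": "macOS", "os_version": "14.1.2"},
    {"name": "mac-03", "os": "macOS", "os_version": "13.6.1", "safari_version": "17.1"},
    {"name": "mac-04", "os": "macOS", "os_version": "12.7.1", "safari_version": "17.1.2"},
]

if __name__ == "__main__":
    for name, reason in audit(INVENTORY).items():
        print(f"{name}: {reason}")
```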