Apple Releases Emergency Security Update to Patch Actively Exploited iOS Vulnerabilities

Apple has urgently released a security update to fix two zero-day vulnerabilities that are being actively exploited on iOS. These vulnerabilities, identified as CVE-2023-42916 and CVE-2023-42917, were discovered earlier this month and affect various Apple products.

The security update addresses multiple vulnerabilities, with the two primary ones being CVE-2023-42890 and CVE-2023-42883.

All of these vulnerabilities were found in the WebKit browser engine used by macOS, iOS, and iPadOS.

CVE-2023-42916 is an out-of-bounds read vulnerability that allows threat actors to access sensitive information through an out-of-bounds read when web content is processed. It has a severity rating of 6.5 (Medium). Apple has fixed it by implementing proper input validation. Affected products include iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

CVE-2023-42917 is a memory corruption vulnerability that allows attackers to execute arbitrary code during the processing of web content. It is categorized as high severity, with a rating of 8.8. Apple has addressed it by enhancing the locking mechanism. The affected products are the same as for CVE-2023-42916.

Both of these vulnerabilities have been included in CISA’s Known Exploited Vulnerabilities catalog to raise awareness among users of these Apple products.

Apple strongly advises users to update their devices to the latest version to patch these vulnerabilities and minimize their risk of falling victim to cybercriminals.