Apple releases emergency updates for two new WebKit vulnerabilities exploited by hackers

published: Nov. 30, 2023

Take action: If you are using an Apple device, patch quickly, and be very careful about the sites you visit in the meantime.



Apple has recently rolled out critical security updates in response to two newly discovered zero-day vulnerabilities. These updates, deemed urgent, were issued for a range of Apple devices including iPhones, iPads, and Macs. With these latest patches, the count of zero-day flaws addressed by Apple since the beginning of the year has reached twenty.

The two vulnerabilities may have been exploited in versions of iOS prior to iOS 16.7.1, macOS prior to 14.1.2, and Safari prior to 17.1.2.

The identified vulnerabilities, tracked as CVE-2023-42916 and CVE-2023-42917, reside in Apple's WebKit browser engine. These flaws could potentially allow attackers to access sensitive data through an out-of-bounds read issue and execute arbitrary code via a memory corruption bug. The vulnerabilities could be exploited by luring users to visit specially crafted web pages on the affected devices.

Apple has addressed the flaws by updating input validation and memory handling in the release of iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2. The range of devices impacted by these vulnerabilities is extensive, including iPhone XS and later models, various generations of iPad Pro, iPad Air, iPad, and iPad mini, as well as Macs running specific versions of macOS.
