CVE-2023-42916 & CVE-2023-42917: Apple Patches Two Zero-Day Vulnerabilities
The first vulnerability, CVE-2023-42916, is an out-of-bounds read vulnerability that could allow attackers to read sensitive memory locations, potentially exposing personal data such as browsing history, passwords, and other confidential information. The second vulnerability, CVE-2023-42917, is a memory corruption vulnerability that could allow attackers to execute arbitrary code on affected devices, granting them complete control over the device.
Apple has acknowledged that these vulnerabilities have been exploited in the wild, and urges all users to update their devices immediately. The affected devices include:
- iPhone XS and later
- iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Macs running macOS Monterey, Ventura, and Sonoma
To update your devices, follow these steps:
- iPhone and iPad: Go to Settings > General > Software Update and tap “Download and Install.”
- Mac: Go to the Apple menu > System Preferences > Software Update and click “Update Now.”
Apple has addressed these vulnerabilities by implementing improved input validation and locking mechanisms in the WebKit browser engine. These updates are available with iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and Safari 17.1.2.
It is important to note that these vulnerabilities affect a wide range of Apple devices, and all users should take immediate action to update their devices to protect themselves from potential attacks.