This is an essential warning if you possess an iPad, iPhone, or Mac: update your device right away.

Apple has released Safari 17.1 for macOS Monterey and macOS Ventura, iOS and iPadOS 17.1.2, and macOS Sonoma 14.1.2 in order to fix two serious WebKit vulnerabilities that affect Safari on Mac and all iPhone and iPad browsers.

Users and security experts were unaware of these zero-day vulnerabilities until recently. They "may have been exploited against versions of iOS before iOS 16.7.1," released in November to address a different zero-day vulnerability.

Whether this could be exploited on Macs is still unknown. This is Apple's 20th zero-day patch for 2023.

Zero-day vulnerability
Unsplash/ Franck

Flaws in the WebKit

Apple has begun development on tvOS 17.2 and watchOS 10.2, which should be released with the exact necessary upgrade in about a week.

Clément Lecigne of Google's Threat Analysis Group found these WebKit fixes. Make sure your devices have the most recent software updates installed to stay safe and up to date.

Apple has discovered severe flaws in WebKit that affect devices running iOS 16.7.1 and lower. Sensitive information may be exposed due to one problem when processing online content, and user information may be at risk from another by enabling arbitrary code execution.

One vulnerability is an out-of-bounds read that could reveal private data.

At the same time, the other is a memory corruption issue that could give attackers the power to run any code they want. Apple improved its locking and validation systems in order to address these problems.

Comparably, Google addressed seven security vulnerabilities, some exploited in real-world situations, in an urgent Chrome update for Mac.

Update your device as soon as possible to make it safer by going to General and Software Update under Settings on an iPhone, iPad, or Mac system settings.

Go to System Preferences, then Software Update on older Macs.

It's essential to keep your devices updated with the most recent updates if you want to protect yourself from security risks.

Other Zero-Day Vulnerability Updates

Apple has also released Safari 17.1.2, targeting users on older macOS Monterey and macOS Ventura versions to address these newly discovered zero-day vulnerabilities.

Although the actors behind the exploitation remain unidentified, neither Apple nor Google have disclosed specific details about the nature of these vulnerabilities or their perpetrators.

Recently, Google resolved its zero-day issue in Chrome, acknowledging the existence of an exploit already in the wild.

Google's security expert Maddie Stone highlighted on X, formerly known as Twitter that the Chrome vulnerability was swiftly fixed within four days. Similarly, Apple took less than a week to address the bug reported by Google's researchers, demonstrating a prompt response to security concerns.

Throughout the year, the IT giant addressed 19 zero-day vulnerabilities, but seventeen vulnerabilities remain unresolved.

These include CVE-2023-5217 from October 2023, CVE-2023-41993, CVE-2023-41991, and CVE-2023-41992 from September 2023, alongside CVE-2023-41064 and CVE-2023-41061 from the same month.

July 2023 contributes CVE-2023-37450 and CVE-2023-38606, while June 2023 presents CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439.

May 2023 introduces CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, followed by April 2023's CVE-2023-28206 and CVE-2023-28205.

Lastly, February 2023 includes CVE-2023-23529.

© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.