iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2 patch 2 actively exploited security vulnerabilities
Apple has released a point update for iPhones, iPads and Macs. iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2 ship with patches for 2 actively exploited security flaws.
Apple patches 2 critical security issues in iOS, iPadOS and macOS
Both vulnerabilities affect WebKit, which is the engine that powers Apple's Safari browser, and web apps in its operating systems.
The first security vulnerability, tracked as CVE-2023-42916, is related to the processing of web content. Apple says that it may lead to the disclosure of sensitive information. The Cupertino company has patched the flaw by improving input validation. The other security flaw is tracked as CVE-2023-42917. Like the first bug, this one also impacts the processing of web content, but in this case it could lead to arbitrary code execution. The bug was found to be a memory corruption vulnerability, which was addressed with improved locking.
Apple says that it is aware that these vulnerabilities may have been actively exploited by attackers. The release notes on Apple's security web portal also mention that the issues could have been exploited in iOS versions before 16.7.1. Apple has credited security researcher Clément Lecigne of Google's Threat Analysis Group for discovering and reporting the bugs. The WebKit Bugzilla numbers for the issues are 265041 and 265067, but the details about the issues have not been released publicly. That's probably because the fixes have just been released and it may take a few days for the patches to roll out. It is possible that more information about the bugs will be published after many users have installed the update.
The fixes for the vulnerabilities are included in the iOS 17.1.2 update, which is available for the iPhone XS and later, while the iPadOS 17.1.2 update is compatible with the following models: iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. macOS 14.2 Sonoma includes the patches for both bugs. The build number for iOS 17.1.2 and iPadOS 17.1.2 is 21B101, while macOS 14.2 has the build number 23B92 / 23B2091.
Users who are on macOS 12 and 13 have not been left behind: Apple Safari 17.1.2 has been released for macOS Monterey and macOS Ventura to patch the security vulnerabilities.
If you have not yet received a notification to install the update on your device, you can check for it manually by heading to Settings > General > Software Update to download and install the latest version.
We have seen quite a few actively exploited security issues in iOS, iPadOS and macOS this year. It is clear that the number of attacks that target Apple's operating systems is on the rise. Hackers have even started using sophisticated attack methods like the Clearview campaign, which was designed to target macOS browsers with fake updates to deliver a payload that contains the Atomic Stealer malware.
Apple released the fourth beta of iOS 17.2, iPadOS 17.2 and macOS 14.2 a few days ago. The update will introduce the highly-anticipated Journal app for iPhones, among other features and improvements. We can expect the stable version of the update to be released for all users later this month.