About the security content of macOS Sonoma 14.1.2 – Apple Support


November 30, 2023 at 01:42PM

Apple fixed two WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) affecting macOS Sonoma that could disclose sensitive information or allow arbitrary code execution; both were possibly exploited on iOS versions before 16.7.1. The update was released on 2023-11-30 and addresses the issues through improved input validation and improved locking.

Meeting Takeaways:

1. A recent Apple security document with ID HT214032 was discussed.

2. Two vulnerabilities were addressed, with the following details:

a. CVE-2023-42916: An out-of-bounds read issue, which was resolved through improved input validation. This vulnerability could potentially expose sensitive information when processing web content. Apple has received reports of potential exploitation on versions of iOS prior to iOS 16.7.1.

b. CVE-2023-42917: A memory corruption issue, which was resolved by enhancing the locking mechanism. This flaw could allow arbitrary code execution upon processing web content, and there have been reports of potential exploitation on iOS versions before 16.7.1.

3. Both vulnerabilities affect the WebKit product.

4. Updates to rectify these vulnerabilities are available for macOS Sonoma.

Action Items:

– Inform relevant stakeholders about the release of the security update.
– Ensure any affected systems running macOS Sonoma are updated appropriately to mitigate the vulnerabilities.
– Keep abreast of any further updates or advisories from Apple regarding security and ensure any further actions are taken promptly.
– Circulate information regarding these vulnerabilities and updates to all necessary parties, emphasizing the importance of updating their systems if they are running the stated OS version.
