November 30, 2023 at 01:42PM
Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that potentially leaked information and allowed code execution on older iOS versions. Updates for iPhones starting from XS and various iPad models are available to mitigate these issues. Reported exploitation exists against iOS versions before 16.7.1.
Meeting Takeaways:
1. Apple has addressed two security vulnerabilities, identified by Apple advisory ID HT214031 and CVE numbers CVE-2023-42916 and CVE-2023-42917.
2. The vulnerabilities were present in the WebKit engine affecting Apple devices.
3. CVE-2023-42916 involved an out-of-bounds read issue that has now been resolved through improved input validation. The vulnerability could potentially disclose sensitive information when processing web content.
4. Apple has acknowledged that CVE-2023-42916 may have been exploited in iOS versions prior to 16.7.1.
5. CVE-2023-42917 was a memory corruption issue that has been fixed with improved locking mechanisms. The vulnerability could lead to arbitrary code execution when processing web content.
6. Similar to CVE-2023-42916, Apple is aware of reports that CVE-2023-42917 may have been exploited in iOS versions before 16.7.1.
7. The software update addressing both vulnerabilities is available for:
– iPhone XS and later
– iPad Pro 12.9-inch, 2nd generation and later
– iPad Pro 10.5-inch
– iPad Pro 11-inch, 1st generation and later
– iPad Air, 3rd generation and later
– iPad, 6th generation and later
– iPad mini, 5th generation and later
8. The update is scheduled for release on November 30, 2023.
Action Items:
– Ensure affected devices are updated to the latest software version after the release date to mitigate these security risks.
– Inform stakeholders and users about the software update and the importance of installing it to protect their sensitive information.
– Monitor for further updates from Apple regarding potential exploitation of these vulnerabilities and any additional measures that may need to be taken.