December 11, 2023 at 02:28PM
Apple has issued emergency security updates for two zero-day flaws in iOS, iPadOS, tvOS, and watchOS. The CVE-2023-42916 and CVE-2023-42917 vulnerabilities in the WebKit browser engine allowed attackers to access sensitive data and execute arbitrary code. Security researcher Clément Lecigne discovered and reported both flaws. CISA ordered Federal Civilian Executive Branch agencies to patch their devices.
Key takeaways:
– Apple has issued emergency security updates to address two actively exploited zero-day flaws affecting older iPhone, Apple Watch, and Apple TV models.
– The vulnerabilities, identified as CVE-2023-42916 and CVE-2023-42917, were found in the WebKit browser engine, utilized by Apple’s Safari web browser across its platforms.
– These vulnerabilities allowed attackers to access sensitive data and execute arbitrary code through maliciously crafted webpages targeting unpatched devices.
– Apple has released iOS 16.7.3, iPadOS 16.7.3, tvOS 17.2, and watchOS 10.2 to address the zero-day flaws.
– The impacted devices that received patches include iPhone 8 and later, various iPad models, Apple TV models, and Apple Watch Series 4 and later.
– Clément Lecigne, a security researcher from Google’s Threat Analysis Group, discovered and reported the zero-day vulnerabilities.
– Google TAG researchers have frequently identified and disclosed information on zero-day flaws used in state-sponsored surveillance software attacks.
– In response to evidence of active exploitation, CISA ordered Federal Civilian Executive Branch agencies to patch their devices against these security vulnerabilities.
– Apple has patched a total of 20 zero-day vulnerabilities exploited in attacks since the start of the year.