December 12, 2023 at 02:18AM
Apple has released security patches for multiple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari browser. The updates address numerous security flaws, including two recent zero-day vulnerabilities. Vulnerabilities range from keystroke injection to arbitrary code execution. The updates also include improvements in privacy protection and address actively exploited security issues.
Key takeaways from the meeting notes are as follows:
Apple has released security patches for various operating systems and Safari web browser to address multiple security flaws, including two recently disclosed zero-day vulnerabilities.
The updates include fixes for a total of 12 security vulnerabilities in iOS and iPadOS, covering various components such as AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. macOS Sonoma 14.2 also resolves 39 shortcomings, including bugs impacting the ncurses library.
One notable flaw is CVE-2023-45866, a critical security issue that could allow an attacker to inject keystrokes by spoofing a keyboard. This flaw has been remediated in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2.
Safari 17.2 contains fixes for two WebKit flaws – CVE-2023-42890 and CVE-2023-42883 – that could lead to arbitrary code execution and a denial-of-service condition. Additionally, iOS 17.2 and iPadOS 17.2 address a Siri bug and introduce Contact Key Verification for enhanced privacy in iMessage conversations.
Apple has also released iOS 16.7.3 and iPadOS 16.7.3 to address as many as eight security issues, including two related to WebKit that were actively exploited in the wild.
Overall, these updates aim to improve security and address specific vulnerabilities across Apple’s operating systems and Safari web browser.