January 22, 2024 at 01:42PM
Apple has released an update addressing two security vulnerabilities in WebKit, affecting iOS devices before version 16.7.1. The vulnerabilities could lead to sensitive information disclosure and arbitrary code execution when processing web content. The update is available for specific iPhone and iPad models, and iPod touch.
Meeting Takeaways:
1. Apple has addressed an out-of-bounds read vulnerability with improved input validation (CVE-2023-42916) in the WebKit, impacting the processing of web content and potentially disclosing sensitive information. Exploitation may have occurred in iOS versions before iOS 16.7.1.
2. Apple has also addressed a memory corruption vulnerability with improved locking (CVE-2023-42917) in the WebKit, impacting the processing of web content and potentially leading to arbitrary code execution. Exploitation may have occurred in iOS versions before iOS 16.7.1.
3. Updates for the identified vulnerabilities are available for the following devices: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
Please let me know if you need any further information or if there are additional tasks I can assist with.