Apple Emergency Update: Fixed 0days that reveal sensitive user data

Brother

Update the firmware to maintain control over the information.

Apple has released emergency security updates that backport fixes for two actively exploited zero-day vulnerabilities to older iPhones and some Apple Watch and Apple TV models. According to the company, the vulnerabilities may have been exploited in iOS versions prior to iOS 16.7.1.

Two vulnerabilities are noted:
  • Out-of-bounds vulnerability CVE-2023-42916 (CVSS: 6.5). Web content processing can lead to the disclosure of confidential information.
  • Memory corruption flaw CVE-2023-42917 (CVSS: 8.8). Processing web content may result in arbitrary code execution.

The flaws were found in the WebKit browser engine, which Apple develops and which the Safari web browser uses on the company's platforms (for example, macOS, iOS, iPadOS). They can allow an attacker to gain access to sensitive data and execute arbitrary code using malicious web pages designed to exploit out-of-bounds errors and memory corruption on unpatched devices.

Apple has fixed the zero-day vulnerabilities in iOS 16.7.3, iPadOS 16.7.3, tvOS 17.2, and watchOS 10.2 by improving input validation and blocking.

The company says that the bugs have also been fixed on the following devices:
  • iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later;
  • Apple TV HD and Apple TV 4K (all models);
  • Apple Watch Series 4 and later.

Clément Lecigne, a security researcher with Google's Threat Analysis Group (TAG), discovered and reported both zero-day vulnerabilities.

While Apple has not yet provided detailed information about how the flaws were used in attacks, researchers at Google TAG have frequently identified and disclosed zero-day flaws used in state-sponsored surveillance software attacks on high-ranking officials, journalists, opposition figures, and dissidents.
 