Apple has released software updates for iOS, iPadOS, macOS, and the Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.
The vulnerabilities, both of which reside in the WebKit web browser engine, are described below -
Apple said it's aware of reports exploiting the shortcomings "against versions of iOS before iOS 16.7.1," which was released on October 10, 2023. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the twin flaws.
The iPhone maker did not provide additional information regarding ongoing exploitation, but previously disclosed zero-days in iOS have been used to deliver mercenary spyware targeting high-risk individuals, such as activists, dissidents, journalists, and politicians.
It's worth pointing out here that every third-party web browser that's available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, Microsoft Edge, and others, is powered by the WebKit rendering engine due to restrictions imposed by Apple, making it a lucrative and broad attack surface.
The updates are available for the following devices and operating systems -
With the latest security fixes, Apple has remediated as many as 19 actively exploited zero-days since the start of 2023. It also comes days after Google shipped fixes for a high-severity flaw in Chrome (CVE-2023-6345) that has also come under real-world attacks, making it the seventh zero-day to be patched by the company this year.