
Apple Issues Urgent Patches for WebKit Flaws and Warns of Potential Exploits: What You Need to Know

Posted: December 6, 2023


Apple Patches WebKit Flaws

Apple has released patches for two critical WebKit flaws, CVE-2023-42916 and CVE-2023-42917, which have reportedly been exploited against older versions of iOS, specifically those before iOS 16.7.1. Apple's advisories state that successful exploitation could hijack sensitive data or lead to arbitrary code execution.

To protect against these flaws, Apple has issued security updates for its key macOS and iOS platforms. The company has specifically addressed these flaws in its newly released iOS 17.1.2 and iPadOS 17.1.2. Apple has warned that these vulnerabilities can be exploited via malicious web content, further emphasizing the importance of the updates.

Apple's response to these vulnerabilities aims to ensure the security of the multitude of users of their devices worldwide, with a particular emphasis on older mobile gadgets that may be more susceptible to these kinds of attacks.

Flaws CVE-2023-42916 and CVE-2023-42917 exploited on iOS versions before iOS 16.7.1

Apple stated that these particular flaws were already being exploited on versions of iOS before 16.7.1. This suggests that these vulnerabilities were not theoretical risks but have already been used maliciously. This would imply that cyber criminals had identified and could leverage these flaws before they were patched, potentially putting a significant number of users at risk.

Security updates pushed for macOS and iOS to cover these flaws

In response to these security threats, Apple took decisive action by releasing security updates for its macOS and iOS platforms. These updates aim to nullify the risks posed by these two WebKit flaws, securing the users' systems and ensuring their digital safety.

Vulnerabilities can be exploited to hijack sensitive content or launch arbitrary code execution attacks

The seriousness of these vulnerabilities lies in the potential damage they could cause. By exploiting these flaws, malicious actors could potentially hijack sensitive content or launch arbitrary code execution attacks, causing significant disruptions and breaches of personal information.

Discovery credited to Clément Lecigne of Google's Threat Analysis Group

The discovery of these critical flaws is credited to Clément Lecigne, a member of Google's Threat Analysis Group (TAG). Recently, TAG has been known for its active involvement in uncovering commercial spyware vendors and mercenary hacking companies that take advantage of iPhone zero-day vulnerabilities.

Apple Warns of Potential Exploit

Apple has warned about the potential exploitation of its flagship iOS operating system, specifically versions before iOS 16.7.1. The company has recognized the severity of the issue, stating that these exploits are usually launched via malicious web content. In this way, threat actors could compromise the security of older Apple devices, potentially leading to the loss of sensitive user data or even full system control through arbitrary code execution.

The issue may have been exploited against versions of iOS before iOS 16.7.1

After the flaws were discovered, Apple confirmed the issue could have been exploited in versions of iOS before iOS 16.7.1. Hence, users running these iOS versions are encouraged to update their systems to the newly released security patches, iOS 17.1.2 and iPadOS 17.1.2. Apple's swift response underlines the substantial security threats these vulnerabilities pose to users' personal data and device security.

Exploits can be launched via malicious web content

One of the primary conduits for launching these exploits is malicious web content. Unwitting users can be led to infected websites or online platforms, which then exploit the identified vulnerabilities to extract sensitive information or instigate harmful attacks. It's recommended for all users, especially those on older versions of iOS, to be particularly cautious when browsing or clicking links from unknown sources.

No additional information on in-the-wild exploitation

In line with its usual protocol, Apple hasn't provided further details concerning in-the-wild exploitation of these vulnerabilities. Nevertheless, considering the company's immediate action in rolling out the necessary updates, the threat level of these flaws could be significant. As a precaution, users are advised to install the latest security updates, ensuring their devices remain secure and resilient against these types of cyberattacks.

New Updates and Patches

In the wake of the recently revealed WebKit vulnerabilities, Apple has taken proactive measures to roll out several updates. Primarily, these patches include the releases of iOS 17.1.2 and iPadOS 17.1.2, both of which come fortified with crucial fixes to remedy the identified flaws. Furthermore, the tech giant acknowledged and resolved the WebKit memory safety concerns CVE-2023-42916 and CVE-2023-42917 in its newest macOS Sonoma 14.1.2 and Safari 17.1.2 releases.

Released iOS 17.1.2 and iPadOS 17.1.2 with fixes for WebKit flaws

With the release of iOS 17.1.2 and iPadOS 17.1.2, Apple aims to counteract the identified WebKit vulnerabilities effectively. The newest versions of the operating systems include fixes for the noted flaws, shielding users from potential unauthorized hijacking of sensitive content or arbitrary code execution attacks. Together, these updates represent an essential step in securing older Apple devices, many of which had become primary targets for such security breaches, as evidenced by the successful exploitation of versions of iOS preceding iOS 16.7.1.

WebKit memory safety bugs CVE-2023-42916 and CVE-2023-42917 were also patched in the new macOS Sonoma 14.1.2 and Safari 17.1.2

Furthermore, Apple has addressed the WebKit memory safety bugs CVE-2023-42916 and CVE-2023-42917 in the newly launched macOS Sonoma 14.1.2 and Safari 17.1.2. These bugs presented notable security risks, and their patching underscores Apple's commitment to maintaining device security and user data protection. The company continues to stress the importance of these updates, and users are encouraged to install them promptly to keep their devices guarded against any potential exploitation.
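
For administrators acting on the releases listed above, the following added example (not from Apple or from the original article) triages a device inventory against those versions. The inventory columns and sample rows are constructed, and the script assumes that only the releases named in this article count as fixed.

```python
import csv

# Fixed releases named in the article above.
FIXED = {"iOS": (17, 1, 2), "iPadOS": (17, 1, 2),
         "macOS": (14, 1, 2), "Safari": (17, 1, 2)}
# The article reports exploitation against iOS versions before this release.
IOS_EXPLOITED_BEFORE = (16, 7, 1)

# Constructed sample inventory; column names are assumptions, not an MDM format.
SAMPLE_INVENTORY = """device,product,version
phone-01,iOS,16.6
phone-02,iOS,17.1.1
phone-03,iOS,17.1.10
tablet-01,iPadOS,17.1.2
mac-01,macOS,14.1
mac-01,Safari,17.1.2
kiosk-01,tvOS,17.1
phone-04,iOS,17.x
"""


def parse_version(text):
    """Turn '17.1' into (17, 1, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(product, version_text):
    """Return 'patched', 'unpatched', 'priority' or 'unknown' for one row."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown"  # product not covered by the article
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # malformed version: review by hand, never assume patched
    if product == "iOS" and version < IOS_EXPLOITED_BEFORE:
        return "priority"  # inside the range reported as exploited
    return "patched" if version >= fixed else "unpatched"


def triage(inventory_csv):
    """Map (device, product) to its classification."""
    rows = csv.DictReader(inventory_csv.splitlines())
    return {(r["device"], r["product"]): classify(r["product"], r["version"]) for r in rows}


if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank "17.1.10" below "17.1.2" and wrongly flag a newer build as unpatched.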