Apple has released an emergency patch to fix two actively exploited vulnerabilities in WebKit, the engine behind the Safari web browser. These vulnerabilities served as avenues for attacks on all Apple devices, including iPhones, iPads, and macOS computers.
The first vulnerability (CVE-2023-42916) allowed hackers to access protected areas of the device's memory, potentially leading to unauthorized extraction of confidential information. The second vulnerability (CVE-2023-42917) was a memory corruption issue that could be exploited to run malicious code.
These vulnerabilities were brought to light by cybersecurity researcher Clément Lecigne from the Google Threat Analysis Group. Lecigne recently discovered a similar vulnerability in the Chrome browser, necessitating an immediate patch.
It is presumed that hackers exploited these vulnerabilities by delivering malicious web pages to victims through phishing messages or fake websites, which underscores the need for caution when dealing with unverified sources.
In response to the threat, Apple has released security updates for iOS 17.1.2, iPadOS 17.1.2, macOS Sonoma 14.1.2, and the Safari browser.