Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.
This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. macOS Sonoma 14.2, for its part, resolves 39 shortcomings, including 6 bugs impacting the ncurses library.
Notable among the flaws is CVE-2023-45866, a critical security issue that could allow an attacker in a privileged network position to inject keystrokes by spoofing a keyboard.
The vulnerability was disclosed by SkySafe security researcher Marc Newlin last week. It has been remediated in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2 with improved checks, the iPhone maker said.
Also released by Apple is Safari 17.2, which contains fixes for two WebKit flaws (CVE-2023-42890 and CVE-2023-42883) that could lead to arbitrary code execution and a denial-of-service (DoS) condition. The update is available for Macs running macOS Monterey and macOS Ventura.
iOS 17.2 and iPadOS 17.2, aside from addressing a Siri bug that could permit an adversary with physical access to obtain sensitive information, pack in a security upgrade in the form of Contact Key Verification, which ensures the privacy of iMessage conversations by enabling users to verify the contacts they are communicating with.
“iMessage Contact Key Verification advances the state of the art of Key Transparency deployments by having user devices themselves verify consistency proofs and ensure consistency of the KT system across all user devices for an account,” Apple noted in a technical explainer in October 2023.
“These improvements protect against key directory compromise as well as compromise of the transparency service itself, and can detect split views introduced by both services.”
Coinciding with the updates, Apple has also released iOS 16.7.3 and iPadOS 16.7.3 to close out as many as 8 security issues, two of which relate to WebKit (CVE-2023-42916 and CVE-2023-42917) and have been disclosed by Redmond as having been actively exploited in the wild earlier this month.
Both vulnerabilities have been patched in tvOS 17.2 and watchOS 10.2 as well. No further details are available as yet about the nature of the exploitation and the threat actors that could be using them.
Some parts of this article are sourced from:
thehackernews.com