Today, Apple rolled out updates for its iOS, iPadOS, and macOS software, addressing two zero-day security vulnerabilities. The company indicated that these vulnerabilities were actively exploited in the wild. Apple acknowledged a report suggesting exploitation on versions of iOS prior to iOS 16.7.1. Updates to patch these vulnerabilities are now available for iPhone, iPad, and Mac.
The credit for discovering and reporting both exploits goes to Clément Lecigne from Google’s Threat Analysis Group (TAG). Notably, the TAG team often uncovers and discloses zero-day bugs targeting high-profile individuals such as politicians, journalists, and dissidents. Apple did not disclose specific details about the nature of attacks utilizing these flaws.
Both security vulnerabilities affected WebKit, Apple’s open-source browser framework that powers Safari. Apple’s description of the first bug stated, “Processing web content may disclose sensitive information,” while the second mentioned, “Processing web content may lead to arbitrary code execution.”
The security updates encompass devices such as the “iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.”
The likelihood that your devices are affected by either of these vulnerabilities is extremely low, so there’s no need for alarm. As a precautionary measure, however, it is advisable to update your Apple devices promptly. To do so, navigate to Settings > General > Software Update on your iPhone or iPad and follow the prompts. On a Mac, go to System Preferences > General > Software Update and perform the same steps. The fixes from Apple are included in the latest releases: iOS 17.1.2, iPadOS 17.1.2, and macOS Sonoma 14.1.2, available for immediate installation.