Apple has released an emergency patch to fix two vulnerabilities in WebKit, the engine of the Safari web browser, that are being actively exploited by attackers. The vulnerabilities were used to attack all iPhone smartphones, iPad tablets, and macOS computers.
Both vulnerabilities are in WebKit, the open-source browser engine that forms the basis of the Safari browser. It is the core component responsible for displaying web pages and executing JavaScript code on devices running Apple operating systems, such as iPhone, iPad, and Mac.
The first vulnerability, identified as CVE-2023-42916, allows attackers to access protected areas of the device's memory, which may lead to unauthorized retrieval of confidential information. The second vulnerability, CVE-2023-42917, is a bug that can cause data corruption in memory. This type of corruption can be used to execute malicious code, posing a serious threat to device security.
The WebKit flaws were brought to light by cybersecurity researcher Clément Lecigne of the Google Threat Analysis Group. Lecigne also recently discovered a similar vulnerability in the Chrome browser, which required the immediate release of a patch.
Attackers are believed to have exploited the vulnerabilities by sending infected web pages to victims. This may have been done through phishing messages or fake sites, which underscores the need to be careful when working with unverified sources.
In response to the threat, Apple released security updates for the Safari browser, as well as iOS 17.1.2, iPadOS 17.1.2, and macOS Sonoma 14.1.2.