Advertisement
U.S. markets closed
  • S&P 500

    5,088.80
    +1.77 (+0.03%)
     
  • Dow 30

    39,131.53
    +62.42 (+0.16%)
     
  • Nasdaq

    15,996.82
    -44.80 (-0.28%)
     
  • Russell 2000

    2,016.69
    +2.85 (+0.14%)
     
  • Crude Oil

    76.57
    -2.04 (-2.60%)
     
  • Gold

    2,045.80
    +15.10 (+0.74%)
     
  • Silver

    22.98
    +0.19 (+0.84%)
     
  • EUR/USD

    1.0823
    -0.0005 (-0.04%)
     
  • 10-Yr Bond

    4.2600
    -0.0670 (-1.55%)
     
  • GBP/USD

    1.2673
    +0.0015 (+0.12%)
     
  • USD/JPY

    150.4400
    -0.0600 (-0.04%)
     
  • Bitcoin USD

    50,952.21
    -260.92 (-0.51%)
     
  • CMC Crypto 200

    885.54
    0.00 (0.00%)
     
  • FTSE 100

    7,706.28
    +21.79 (+0.28%)
     
  • Nikkei 225

    39,098.68
    +836.48 (+2.19%)
     

iOS 17.1.2 & Sonoma 14.1.2 updates stop browsers from leaking data

Apple patches flaws in WebKit in latest OS updates
Apple patches flaws in WebKit in latest OS updates

Apple has updated iOS, iPadOS, and macOS Sonoma with new updates that fix two actively exploited WebKit bugs that could leak personal data to attackers.

Apple patches flaws in WebKit in latest OS updates

The company released the newest versions of its operating systems on Thursday, bringing iOS 17 and iPadOS 17 up to 17.1.2, and macOS Sonoma to 14.1.2. They focus on fixing security flaws in WebKit, Apple's open-source web browser engine used as the foundation for rendering web content in various internet browsers.

The update addresses the same two vulnerabilities within iOS, iPadOS, and macOS Sonoma.

Security update for iOS 17.1.2, iPadOS iOS 17.1.2, and macOS Sonoma 14.1.2

First WebKit flaw

  • Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later, and macOS Sonoma.

  • Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

  • Description: An out-of-bounds read was addressed with improved input validation.

  • CVE-2023-42916: Clement Lecigne of Google's Threat Analysis Group

Second WebKit flaw

  • Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later, and macOS Sonoma

  • Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

  • Description: A memory corruption vulnerability was addressed with improved locking.

  • CVE-2023-42917: Clement Lecigne of Google's Threat Analysis Group

What it means

First, "Processing web content may disclose sensitive information" means a vulnerability in iOS could allow unauthorized access to or disclosure of personal data when processing web content, like browsing in Safari.

Next, an "out-of-bounds read" is a software bug where a program reads data outside the boundary of the intended memory allocation. Such a bug can lead to various issues, including unauthorized access to sensitive data or system crashes.

Input validation is a method where the program checks and validates the data it receives to ensure it's correct and safe before processing it. Apple ensured the system better verifies and sanitizes the incoming data, reducing the risk of such vulnerabilities.

Apple mentioned that it received at least one report of attackers exploiting the WebKit flaws, so updating iOS 17.1.2, iPadOS 17.1.2, and macOS Sonoma 14.1.2 is critical to staying safe.

Advertisement