According to the device manufacturer, at least 16 known vulnerabilities that might have exposed Apple customers to code execution, denial-of-service, and data disclosure attacks have been fixed in the most recent versions of iOS 17.3 and macOS Sonoma 14.3.
Three vulnerabilities in the WebKit security that have previously been used in zero-day attacks have drawn immediate attention from the Cupertino business.
Apple did not provide technical information or signs of compromise, as is normal, to assist defenders in looking for signs of compromise. One of the WebKit vulnerabilities, CVE-2024-23222, may have been used against more recent iterations of the operating system, citing a barebones iOS 17.3 advisory.
When maliciously prepared web material is processed, it can result in arbitrary code execution. According to a study, Apple may have been the victim of abuse, the business stated. “Improved checks were implemented to address a type confusion issue.”
Two WebKit issues, CVE-2023-42916 and CVE-2023-42917, are listed in a different advisory. According to Apple, these bugs might have been used to compromise iOS versions prior to iOS 16.7.1.
Security issues with the Apple Neural Engine, CoreCrypto, Mail Search, Reset Services, Shortcuts, and Time Zone are also fixed by the iOS and MacOS releases.