Security Advisory: Apple ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation


Apple has released urgent security updates for its iOS and macOS platforms to address multiple WebKit vulnerabilities that are being actively exploited in the wild. WebKit is the web browser engine used by Safari and other iOS and iPadOS web browsers. The vulnerabilities could allow attackers to run arbitrary code, cause denial-of-service, or access sensitive data on Apple devices.

The company has highlighted three WebKit vulnerabilities that have been exploited in zero-day attacks. One of them, CVE-2024-23222, affects newer versions of iOS and macOS, while the other two, CVE-2023-42916 and CVE-2023-42917, affect older versions of iOS. Apple has not provided technical details or indicators of compromise for these vulnerabilities.

The iOS and macOS updates also fix 13 other security issues in various components, such as the Apple Neural Engine, CoreCrypto, Mail Search, Reset Services, Shortcuts, and Time Zone. These issues could also lead to arbitrary code execution, data exposure, or privacy issues.

Recommended Remediations

CTRL Cybersecurity recommend updating to the latest versions.

Apple has fixed the vulnerabilities with the release of iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, and macOS Monterey 12.7.3.