Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.
This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. macOS Sonoma 14.2, for its part, resolves 39 shortcomings, counting six bugs impacting the ncurses library.
Notable among the flaws is CVE-2023-45866, a critical security issue in Bluetooth that could allow an attacker in a privileged network position to inject keystrokes by spoofing a keyboard.
Also released by Apple is Safari 17.2, containing fixes for two WebKit flaws – CVE-2023-42890 and CVE-2023-42883 – that could lead to arbitrary code execution and a denial-of-service (DoS) condition. The update is available for Macs running macOS Monterey and macOS Ventura.
Coinciding with the updates, Apple has also released iOS 16.7.3 and iPadOS 16.7.3 to close out as many as eight security issues, two of which relate to WebKit (CVE-2023-42916 and CVE-2023-42917) and were disclosed by Redmond as having been actively exploited in the wild earlier this month.
Both the vulnerabilities have been patched in tvOS 17.2 and watchOS 10.2 as well. No additional details are available as yet regarding the nature of the exploitation and the threat actors that may be using them.
Source: https://thehackernews.com/
