Apple has released an emergency patch to fix two vulnerabilities in WebKit, the engine of the Safari web browser, that are being actively exploited by attackers. The vulnerabilities provided an attack path against all iPhone smartphones, iPad tablets and macOS computers.
The first vulnerability, tracked as CVE-2023-42916, allowed hackers to access protected areas of the device’s memory. This could result in the unauthorized extraction of confidential information. The second vulnerability, CVE-2023-42917, was a flaw that could lead to memory corruption. This memory corruption could be used to execute malicious code, posing a serious threat to device security.
The vulnerabilities in WebKit came to light thanks to cybersecurity researcher Clément Lecigne from the Google Threat Analysis Group. Lecigne also recently discovered a similar security flaw in the Chrome browser, which likewise required an immediate patch.
It is believed that hackers exploited the vulnerabilities on Apple devices by sending victims links to infected websites. This could occur through phishing emails or fake websites, highlighting the need for caution when dealing with unverified sources.
In response to the threat, Apple released security updates for iOS, iPadOS and macOS Sonoma, as well as the Safari browser.