Multiple Vulnerabilities in Apple Products

Risk Level: High.

Components Affected

  • Versions prior to iOS 16.7.5 and iPadOS 16.7.5
  • Versions prior to iOS 17.3 and iPadOS 17.3
  • Versions prior to macOS Monterey 12.7.3
  • Versions prior to macOS Ventura 13.6.4
  • Versions prior to macOS Sonoma 14.3
  • Versions prior to Safari 17.3
  • Versions prior to tvOS 17.3
  • Versions prior to watchOS 10.3

Overview

Multiple vulnerabilities were identified in Apple Products, where a remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

Description

Multiple vulnerabilities in Apple products have been identified, posing a range of risks if exploited by a remote attacker. Apple is pushing out fresh versions of its flagship iOS and macOS platforms with patches for multiple WebKit vulnerabilities being exploited as zero-days in the wild. The newest iOS 17.3 and macOS Sonoma 14.3 updates fix at least 16 documented vulnerabilities that expose Apple users to code execution, security restriction bypass, denial-of-service and data exposure attacks. One of the WebKit flaws, CVE-2024-23222, may have been exploited against newer versions of the operating system, while a pair of WebKit bugs, CVE-2023-42916 and CVE-2023-42917, may have been exploited against versions of iOS before iOS 16.7.5.

Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Elevation of Privilege

Solution / Workarounds

Before installing the software, please visit the software vendor's website for more details.

Apply fixes issued by the vendor:

  • iOS 16.7.5 and iPadOS 16.7.5
  • iOS 17.3 and iPadOS 17.3
  • macOS Monterey 12.7.3
  • macOS Ventura 13.6.4
  • macOS Sonoma 14.3
  • Safari 17.3
  • tvOS 17.3
  • watchOS 10.3
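
To triage a device inventory against the fixed versions listed above, the following is an added example, not part of the original advisory. The inventory rows are constructed sample data, and the handling of release branches that the advisory does not list (flagged unless they are at or above the newest listed fix) is an assumption drawn from the "versions prior to" wording.

```python
# Fixed versions from the advisory's list, padded to three components.
FIXED = {
    "ios": [(16, 7, 5), (17, 3, 0)],
    "ipados": [(16, 7, 5), (17, 3, 0)],
    "macos": [(12, 7, 3), (13, 6, 4), (14, 3, 0)],
    "safari": [(17, 3, 0)],
    "tvos": [(17, 3, 0)],
    "watchos": [(10, 3, 0)],
}

def parse_version(text):
    """Turn '16.7.5' into (16, 7, 5); reject anything but 1-3 dotted integers."""
    parts = text.strip().split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def status(product, version):
    """Return 'patched', 'update-required' or 'not-listed' for one record."""
    fixes = FIXED.get(product.strip().lower())
    if fixes is None:
        return "not-listed"  # product does not appear in this advisory
    v = parse_version(version)
    same_branch = [f for f in fixes if f[0] == v[0]]
    # Assumption: a branch with no listed fix (e.g. an older major release)
    # is compared against the newest listed fix for that product.
    threshold = same_branch[0] if same_branch else max(fixes)
    return "patched" if v >= threshold else "update-required"

def triage(rows):
    """Return (host, status) for every record that is not confirmed patched."""
    findings = []
    for host, product, version in rows:
        try:
            result = status(product, version)
        except ValueError:
            result = "unparseable"  # surface bad inventory data, do not skip it
        if result != "patched":
            findings.append((host, result))
    return findings

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("phone-01", "iOS", "17.2.1"), ("phone-02", "iOS", "16.7.5"),
    ("pad-01", "iPadOS", "15.8"), ("mac-01", "macOS", "13.6.4"),
    ("mac-02", "macOS", "14.2.1"), ("tv-01", "tvOS", "17.3"),
    ("watch-01", "watchOS", "10.2"), ("mac-03", "macOS", "n/a"),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY):
        print(f"{host}: {result}")
```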

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.