
Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

December 1, 2023

Apple has issued emergency fixes to plug security flaws in iPhones, iPads, and Macs that may already be under attack.

The software updates for iOS, iPadOS, macOS Sonoma, and the Safari web browser address two bugs: an out-of-bounds read flaw tracked as CVE-2023-42916, and a memory corruption vulnerability tracked as CVE-2023-42917.

Both are in the WebKit web browser engine – the heart of Safari, as found on iThings and Macs – and can be abused to access sensitive information (CVE-2023-42916) and execute arbitrary code (CVE-2023-42917) on vulnerable devices. It appears a malicious webpage or similar content can exploit these holes: we imagine an attack would involve tricking a mark into opening a page that then hijacks their equipment and snoops on them.

Read More on The Register