On Monday, Apple released the latest round of updates to iOS and iPadOS (17.3), macOS (14.3), watchOS (10.3), and tvOS (17.3), which include a couple of new features, a smattering of bug fixes, and some fairly important security patches. Among them is a patch for a vulnerability that may have been exploited in the wild; in other words, you should rush to install the update and patch it.
The zero-day is the first Apple has fixed this year. It affects the following models: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later, as well as Macs running Sonoma, Ventura, and Monterey, and all Apple TV models. It was found as part of the WebKit Bugzilla program.
Apple also released a separate Safari update for macOS Ventura and Monterey that includes the fix, among other patches:
WebKit (CVE-2024-23222)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
- Description: A type confusion issue was addressed with improved checks.
- WebKit Bugzilla: 267134
The updates also include a few dozen other patches for Apple Neural Engine, Kernel, Safari, Finder, and Shortcuts, and several other system features, including a weird Time Zone fix:
Time Zone
- Impact: An app may be able to view a user's phone number in system logs
- Description: This issue was addressed with improved redaction of sensitive information.
- CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Additionally, Apple released iOS 16.7.5 and iOS 15.8.1 to address a pair of zero-day WebKit flaws that were previously patched in iOS 17.1.2 last year.