Apple recently released an important security update for its operating system, which is mainly aimed at fixing dozens of security vulnerabilities that may affect the iPhone and Mac, including three zero-day vulnerabilities affecting the WebKit browser engine. The vulnerabilities, reported to Apple by an anonymous researcher, could potentially be exploited to disclose sensitive information or execute arbitrary code if an attacker could trick a targeted user into exposing them to specific web content, such as leading them to a malicious website.
Apple’s latest iOS 16.5 and iPadOS 16.5 updates fix these issues. These updates primarily resolve two vulnerabilities named CVE-2023-28204 and CVE-2023-32373, and another WebKit zero-day vulnerability called CVE-2023-32409. This vulnerability could be abused to evade the sandbox of web content.
Apple also updated its MacOS Monterey to version 12.6.6 and Big Sur to version 11.7.7, which fixed more than 20 other vulnerabilities. These updates ensure that Apple devices can get the latest security protection, which is undoubtedly a peace of mind for users.
Finally, while Apple notes that there is no evidence that these vulnerabilities have been actively abused, the company stresses that users must regularly install the latest security updates to ensure that their devices are optimally protected.