Apple Patches Actively Exploited iOS Zero-Days

Written by

Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20.

The tech giant said that the two bugs in its WebKit browser engine were being actively exploited in the wild.

The first vulnerability, CVE-2023-42916, is found in a range of Apple products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

The flaw is described as an “out-of-bounds read” which Apple addressed with improved input validation.

“Processing web content may disclose sensitive information,” Apple said of its impact.

Read more on Apple zero-days: Apple Issues Emergency Patches for More Zero-Day Bugs

The second vulnerability, CVE-2023-42917, is a memory corruption flaw in WebKit which was addressed with “improved locking.” 

It is present in the same list of products as the first vulnerability.

“Processing web content may lead to arbitrary code execution,” Apple said of the flaw.

Both bugs were discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG), a researcher and an organization known for finding vulnerabilities and exploits used in commercial spyware operations.

Just this week, he was cited by Google in a Chrome update for finding CVE-2023-6345, an integer overflow issue in open source 2D graphics library Skia, linked to similar state-sponsored activity.

The continued discovery of zero-day vulnerabilities in Apple kit, frequently researched by commercial spyware organizations to deliver eavesdropping capabilities to targeted devices, hint that such operations are still very much alive and well despite Western pressure.

The US has placed organizations like NSO Group on trade blacklists in an attempt to stifle their business, and in March President Biden approved an executive order (EO) banning government use of any commercial spyware that has previously been misused by foreign states to spy on citizens, dissidents, activists and others.

Image credit: NYC Russ / Shutterstock.com

What’s hot on Infosecurity Magazine?