Apple released security patches on Dec 11 to address multiple security flaws in various devices and software, including iPhones [5], Macs [2] [5], Apple TVs [2] [3] [4] [5] [6] [7], Apple Watches [5], and Safari web browser [6]. These patches also include fixes for two recently disclosed zero-day vulnerabilities [2] [3] [4] [6] [7].
Description
The updates for iOS and iPadOS address 12 security vulnerabilities in components such as AVEVideoEncoder [2] [3] [4] [6] [7], ExtensionKit [2] [3] [4] [6] [7], Find My [1] [2] [3] [4] [6] [7], ImageIO [2] [3] [4] [6] [7], Kernel [1] [2] [3] [4] [5] [6] [7], Safari Private Browsing [1] [2] [3] [4] [6] [7], and WebKit [2] [3] [4] [6] [7]. macOS Sonoma version 14.2 resolves 39 shortcomings [2] [3] [4] [6] [7], including six bugs in the ncurses library [2] [3] [4] [6] [7]. Notably, it fixes a critical security issue (CVE-2023-45866) that allows an attacker to inject keystrokes by spoofing a keyboard [3] [4] [6] [7]. Safari 17.2 has also been released, fixing two WebKit flaws (CVE-2023-42890 and CVE-2023-42883) that could lead to arbitrary code execution and a denial-of-service condition [2] [3] [4] [6] [7].
The updates for iOS and iPadOS also address a Siri bug that could allow an attacker with physical access to obtain sensitive data [2] [3] [4] [6] [7]. Additionally, the updates introduce Contact Key Verification for iMessage conversations [3], enhancing privacy by allowing users to verify the contacts they are communicating with [3] [4] [6] [7].
Apple has also released iOS 16.7.3 and iPadOS 16.7.3 to address eight security issues [3] [4] [6] [7], including two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that were actively exploited [3] [4] [6]. These vulnerabilities have been patched in tvOS 17.2 and watchOS 10.2 as well [3] [4] [6] [7].
Conclusion
These security patches and updates are crucial in mitigating potential risks and protecting users’ devices and data. By addressing multiple security flaws and vulnerabilities [2] [3] [4] [6] [7], Apple is ensuring the safety and privacy of its users. It is important for users to promptly install these updates to stay protected against potential threats. Apple’s commitment to addressing security issues demonstrates its dedication to providing a secure and reliable user experience.
References
[1] https://9to5mac.com/2023/12/11/ios-17-2-10-important-security-fixes/
[2] https://owasp.or.id/2023/12/12/apple-releases-security-updates-to-patch-critical-ios-and-macos-security-flaws/
[3] https://blog.cyberconvoy.com/apple-releases-security-updates-to-patch-critical-ios-and-macos-security-flaws/
[4] https://thehackernews.com/2023/12/apple-releases-security-updates-to.html
[5] https://www.darkreading.com/endpoint-security/dozens-bugs-patched-apple-tv-watch-mac-iphone
[6] https://investorbeam.com/2023/12/12/apple-releases-security-updates-to-patch-critical-ios-and-macos-security-flaws/
[7] https://patabook.com/technology/2023/12/12/apple-releases-security-updates-to-patch-critical-ios-and-macos-security-flaws/
