On Monday, Apple released the latest round of updates to iOS and iPadOS (17.3), macOS (14.3), watchOS (10.3), and tvOS (17.3), which include a number of new features, a smattering of bug fixes, and a few fairly important security patches. Among them is a patch for a vulnerability that may have been exploited in the wild. In other words, you should rush to install the update and patch it.
The zero-day is the first Apple has fixed this year. It affects the following models: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air third generation and later, iPad sixth generation and later, and iPad mini fifth generation and later, as well as Macs running Sonoma, Ventura, and Monterey, and all Apple TV models. It was discovered as part of the WebKit Bugzilla program.
Apple also released a separate Safari update for macOS Ventura and Monterey that includes the fix, among other patches:
WebKit (CVE-2024-23222)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
- Description: A type confusion issue was addressed with improved checks.
- WebKit Bugzilla: 267134
The updates also include a couple of dozen other patches for Apple Neural Engine, Kernel, Safari, Finder, and Shortcuts, and several other system features, including an odd Time Zone fix:
Time Zone
- Impact: An app may be able to view a user’s phone number in system logs.
- Description: This issue was addressed with improved redaction of sensitive information.
- CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Additionally, Apple released iOS 16.7.5 and iOS 15.8.1 to address a pair of zero-day WebKit flaws that were previously patched in iOS 17.1.2 last year.