Apple on Thursday pushed out security updates for its flagship macOS and iOS platforms to cover a pair of serious flaws that have already been exploited against older mobile devices.
The vulnerabilities, flagged in the WebKit browsing engine, can be exploited to hijack sensitive content or launch arbitrary code execution attacks, according to a series of advisories from Cupertino.
The company rolled out iOS 17.1.2 and iPadOS 17.1.2 with fixes for the WebKit flaws and warned that exploits can be launched via malicious web content.
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” the company said.
As is customary, Apple’s advisories did not provide any additional information on in-the-wild exploitation.
The company credited the discoveries to Clément Lecigne of Google’s Threat Analysis Group (TAG). Google’s researchers have actively discovered commercial spyware vendors and mercenary hacking companies exploiting iPhone zero-day vulnerabilities.
The WebKit memory safety bugs — CVE-2023-42916 and CVE-2023-42917 — were also patched in the new macOS Sonoma 14.1.2 and Safari 17.1.2 updates.