Apple is pushing out fresh versions of its flagship iOS and macOS platforms with patches for multiple WebKit vulnerabilities being exploited as zero-day in the wild.
The device maker said the newest iOS 17.3 and macOS Sonoma 14.3 updates fix at least 16 documented vulnerabilities that expose Apple users to code execution, denial-of-service and data exposure attacks.
The Cupertino company called urgent attention to a trio of WebKit security defects that have already been exploited in zero-day attacks.
As is customary, Apple did not release technical details or indicators of compromise to help defenders hunt for signs of compromise. According to a barebones iOS 17.3 advisory, one of the WebKit flaws — CVE-2024-23222 — may have been exploited against newer versions of the operating system.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited,” the company said. “A type confusion issue was addressed with improved checks.”
A separate advisory documents a pair of WebKit bugs — CVE-2023-42916 and CVE-2023-42917 — that Apple says may have been exploited against versions of iOS before iOS 16.7.1.
The iOS and MacOS updates also fix security problems in the Apple Neural Engine, CoreCrypto, Mail Search, Reset Services, Shortcuts and Time Zone.
Related: Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days
Related: Microsoft: Russian Gov Hackers Stole Email Data From Senior Execs
Related: CISA Issues Emergency Directive on Ivanti Zero-Days
Related: Chinese Spies Exploited VMware Server Vulnerability Since 2021