Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browsers to address several security flaws, in addition to fixing backporting for two recently disclosed zero-days to older devices.
This includes updates for 12 security vulnerabilities on iOS and iPadOS that includes AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. macOS Sonoma 14.2in its part, resolves 39 deficiencies, counting six bugs affecting the ncurses library.
Notable among the flaws is CVE-2023-45866, a critical security issue that could allow an attacker in a privileged network position to inject keystrokes by spoofing a you keyboard.
The vulnerability was disclosed by SkySafe security researcher Marc Newlin last week. This is fixed in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2 with improved checks, the iPhone maker said.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.
Apple also released the Safari 17.2, which contains fixes for two WebKit flaws – CVE-2023-42890 and CVE-2023-42883 – that could lead to arbitrary code execution and a denial of service (DoS) condition. The update is available for Macs running macOS Monterey and macOS Ventura.
iOS 17.2 and iPadOS 17.2, in addition to resolving a Siri bug that could allow an adversary with physical access to obtain sensitive data, pack a security upgrade in the form of Contact Key Verificationwhich ensures the privacy of iMessage conversations by allowing users to check the contacts they are talking to.
“iMessage Contact Key Verification advances the state of the art in Key Transparency deployment by having the user devices themselves verify the consistency of credentials and ensuring the consistency of the KT system across all user devices for an account ,” Apple THE audience in a technical explanation in October 2023.
“These improvements protect against the primary compromise of the directory as well as the compromise of the transparency service itself, and detect split views presented by both services.”
In line with the updates, Apple also released iOS 16.7.3 and iPadOS 16.7.3 to close as many as eight security issues, two of which are related to WebKit (CVE-2023-42916 and CVE-2023-42917) and which Redmond disclosed were actively exploited in the wild earlier this month.