Apple patches three exploited Safari vulnerabilities

Found across all device operating systems.

Unnamed attackers have exploited vulnerabilities in the WebKit engine for Apple's Safari browser, which is used to render web content in all of the technology giant's operating systems.

One vulnerability, reported by Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab, could allow attackers to break out of the Web Content protective "sandbox" which restricts access to other parts of the operating system.

The vulnerability, given the common vulnerabilities and exposures index CVE-2023-32409, was patched in the latest round of Apple security updates released today.

Neither Amnesty International, Google TAG nor Apple has revealed who they suspect is behind the attacks, or when and where they took place.

Apple said two other exploited vulnerabilities in WebKit were addressed with its new Rapid Security Response out-of-band patches.

Reported by anonymous researchers, the bugs allowed attackers to glean sensitive information and execute arbitrary code by exploiting an out-of-bounds read flaw and a use-after-free condition.

Security researcher Amat Cama of Vigilant Labs found a bug in the cellular function on the iPhone 8 and X that could be used to remotely execute arbitrary code, while Google's Project Zero researcher Ivan Fratric discovered a flaw in the Telephony function on the iPhone 8 and later, iPad Pro, Air and mini that could crash apps and also be abused to run code remotely.

Apple's Safari web browser, watchOS, tvOS, iOS, iPadOS and macOS operating systems all received security updates.

Copyright © iTnews.com.au. All rights reserved.