With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read flaw, while CVE-2023-42917 is a vulnerability allowing for exploitable memory corruption. Both affect WebKit, the Apple-developed browser engine used by the company’s Safari web browser and all web browsers on iOS and iPadOS. CVE-2023-42916 may lead to … More
The post Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) appeared first on Help Net Security.