Apple Releases Security Updates for Multiple Products - 20231204001

Overview

Apple has released security updates to address vulnerabilities in WebKit for multiple apple products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

What is the vulnerability?

• An out-of-bounds read vulnerability CVE-2023-42916 - CVSS v3 Base Score: N.A
• A memory corruption vulnerability CVE-2023-42917 - CVSS v3 Base Score: N.A

What is vulnerable?

The vulnerability affects the following apple products WebKit:

• Safari 17.1.2
• macOS Sonoma 14.1.2
• iOS 17.1.2 and iPadOS 17.1.2

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):

• Apple Security Releases