Apple has released a series of security patches covering its entire ecosystem, addressing critical vulnerabilities in iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser. The updates include fixes for 12 security flaws in iOS and iPadOS, spanning various components such as AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. Additionally, macOS Sonoma 14.2 resolves 39 shortcomings, including six bugs affecting the ncurses library.
One notable vulnerability addressed is CVE-2023-45866, a critical issue that could allow an attacker in a privileged network position to inject keystrokes by spoofing a keyboard. The patching also extends to Safari 17.2, which contains fixes for two WebKit flaws (CVE-2023-42890 and CVE-2023-42883), addressing concerns of arbitrary code execution and a denial-of-service condition. This update is available for Macs running macOS Monterey and macOS Ventura.
Alongside these patches, Apple released iOS 16.7.3 and iPadOS 16.7.3, closing eight security issues, including two related to WebKit (CVE-2023-42916 and CVE-2023-42917) actively exploited in the wild earlier this month. These vulnerabilities have also been patched in tvOS 17.2 and watchOS 10.2. The updates come with additional security enhancements, such as Contact Key Verification in iOS 17.2 and iPadOS 17.2, aiming to safeguard iMessage conversations and detect potential compromises of key directory or transparency service integrity.
