Apple issued security fixes for iOS, iPadOS, macOS, TVOS, watchOS, and Safari. To protect customer data and privacy, the tech giant has also patched two newly discovered zero-day vulnerabilities on previous models.
The security updates encompass a spectrum of issues, with iOS and iPadOS receiving patches for 12 vulnerabilities related to AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. In parallel, macOS Sonoma 14.2 tackles 39 shortcomings, addressing six bugs that impact the ncurses library.
Addressing Critical Security Weaknesses
According to The Hacker News, among the highlighted flaws is CVE-2023-45866, a critical Bluetooth vulnerability that could permit an attacker in a privileged network position to inject keystrokes by spoofing a keyboard. Security researcher Marc Newlin of SkySafe disclosed this vulnerability, prompting swift remediation in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2 through enhanced checks.
Apple has also introduced Safari 17.2, focusing on fixing two WebKit flaws-CVE-2023-42890 and CVE-2023-42883. These vulnerabilities could potentially lead to arbitrary code execution and a denial-of-service (DoS) condition. The update is available for Macs running macOS Monterey and macOS Ventura.
iOS 17.2 and iPadOS 17.2 go beyond mere vulnerability fixes, introducing a security upgrade known as Contact Key Verification. This feature ensures the privacy of iMessage conversations by enabling users to verify the contacts they are communicating with. Additionally, it addresses a Siri bug that could potentially allow an adversary with physical access to obtain sensitive data.
The Contact Key Verification feature represents a significant advancement in key transparency deployments. By having user devices verify consistency proofs and ensuring consistency across all devices for an account, Apple aims to fortify protection against key directory compromise and compromise of the transparency service itself.
The security feature is designed for users facing significant digital threats, enabling them to verify and ensure secure messaging, especially for individuals such as journalists, human rights activists, and government officials.
Concurrently, Apple has rolled out iOS 16.7.3 and iPadOS 16.7.3, including two related to WebKit, per Security Week. The update aimed to solve security issues on older devices.
These WebKit vulnerabilities were actively exploited in the wild, prompting swift action to mitigate potential risks. The patches for these vulnerabilities extend to tvOS 17.2 and watchOS 10.2. While details about the nature of the exploitation and the involved threat actors remain undisclosed, Apple's swift response underscores its commitment to maintaining the integrity of its devices and protecting users from potential security threats.
Apple Releases Journal App
In a parallel announcement, Apple has unveiled the Journal app with iOS 17.2, a feature initially introduced at the WWDC event in June alongside iOS 17. However, it was absent from the update's initial launch on September 18.
The Journal app utilizes on-device machine learning to offer personalized writing suggestions, providing users with an engaging and innovative experience, as reported by CNET.