In response to ongoing cyber threats, Apple has rolled out critical security updates for iPhones, iPads, and Macs to patch two actively exploited vulnerabilities.
The technology giant released iOS and iPadOS 17.1.2, along with macOS 14.1.2, addressing the vulnerabilities identified by security researchers at Google's Threat Analysis Group.
WebKit, Safari's browser engine, and other programs were updated on Thursday to fix vulnerabilities that allow hackers to remotely insert malware, including spyware, onto users' devices over the internet, per TechCrunch. Apple had little time to fix "zero-day" vulnerabilities before they were exploited.
According to Apple's security advisories, the issues might have been exploited in versions of iOS predating iOS 16.7.1, released on October 11. In addition to iOS and iPadOS updates, Apple also introduced Safari 17.1.2 for users on older versions of macOS Monterey and macOS Ventura.
A customer holds an Apple iPhone 15 series device displayed for sale at The Grove Apple retail store on release day in Los Angeles, California, on September 22, 2023.
Google's Swift Response to Vulnerability
Apple and Google have not pointed fingers at malicious groups or governments using these zero-day vulnerabilities. Both firms have not published vulnerability specifics.
The zero-day Chrome vulnerability was fixed this week by Google, which acknowledged an attack "in the wild." Google's quick response, fixing the Chrome bug within four days, contrasts with Apple's resolution of the issue reported by Google researchers in under a week.
Notably, the WebKit vulnerabilities in iOS and iPadOS are significant, considering that all web browsers on these platforms currently rely on Apple's rendering engine. However, upcoming changes mandated by the EU's Digital Markets Act may allow users to sideload apps on iPhones and iPads, potentially altering this scenario, according to Thurrott.
Read Also: Weird Al's Surprise Message in Spotify Wrapped Puts Spotlight on Streaming Royalties
For Mac users running macOS Monterey or macOS Ventura, the Safari update addressing the same WebKit vulnerabilities is available. Unlike iOS and iPadOS, Mac users have the flexibility to use web browsers employing rendering engines other than Apple's WebKit, reducing the impact of these vulnerabilities.
Install iOS 17.1.2 Immediately for Critical Security Fixes
iOS 17.1.2 is a pivotal security update, emphasizing immediate application due to its exclusive focus on security. Released ahead of iOS 17.2, this update contains no additional features or bug fixes.
For users still on iOS 16, particularly 16.7.1, upgrading to iOS 17.1.2 is strongly advised, addressing vulnerabilities exploited in iPhones running iOS 16.7.1. Despite not being labeled as a Rapid Security Response update, Apple stresses the need for manual applications to ensure user awareness and prompt device security, according to Forbes.
The vulnerabilities, reported by Clément Lecigne of Google's Threat Analysis Group, carry the potential for spyware-related attacks, underscoring the urgency of immediate action. Sean Wright, Head of Application Security at Featurespace, highlights the severity of the potential consequences, urging users to manually update to iOS 17.1.2, even with automatic updates enabled.
Take proactive measures by navigating to Settings > General > Software Update and securing your iPhone promptly with iOS 17.1.2.
Related Article: ScamClub Malvertising Campaign Infects ESPN, Other News Sites With Fake McAfee Alerts
