The company released iOS 17.2 and iPadOS 17.2 which address a dozen of security flaws.
The most severe flaw is a memory corruption issue that resides in the ImageIO. Successful exploitation of the flaw may lead to arbitrary code execution. The IT giant addressed the flaw by improving memory handling.
The flaw CVE-2023-42898 was discovered by Junsung Lee.
Apple also addressed a code execution flaw, tracked as CVE-2023-42890, in the WebKit. Processing web content may lead to arbitrary code execution.
Apple this week rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 16.7.3 and iPadOS 16.7.3 to address known flaws in older versions of the operating system.
Addressed issues include CVE-2023-42916 and CVE-2023-42917 which Apple fixed at the end of November.
Clément Lecigne of Google’s Threat Analysis Group discovered both vulnerabilities. The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Apple)