Apple releases security patches for iOS, iPadOS, macOS and other systems, including important fixes for zero-day vulnerabilities

Apple released security patches for iOS, iPadOS, macOS, tvOS, watchOS and the Safari web browser on Monday to address multiple security vulnerabilities and retroactively fix two recently disclosed zero-day vulnerabilities for older devices.

The updates fix 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit. macOS Sonoma 14.2 addresses 39 flaws, including six vulnerabilities affecting the ncurses library.

One of the notable vulnerabilities is CVE-2023-45866, a critical security issue in Bluetooth that could allow an attacker in a privileged network location to inject keystrokes by spoofing the keyboard.

The vulnerability was disclosed last week by SkySafe security researcher Marc Newlin. Apple says the issue has been fixed in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2 with improved checks.

In addition to addressing a Siri vulnerability that could allow a physical adversary to obtain sensitive data, iOS 17.2 and iPadOS 17.2 also include a security upgrade, Contact Key Verification, which lets users verify the contacts they are communicating with, ensuring the privacy of iMessage conversations.

Apple noted in an October 2023 technical note: “iMessage Contact Key Verification advances keys by letting user devices verify proof of consistency themselves and ensuring the KT system is consistent across all user devices for an account. Latest status of transparency deployment.”

"These improvements protect the key directory from compromise, as well as the transparency service itself, and enable the detection of split views presented by both services."

Alongside these updates, Apple also released iOS 16.7.3 and iPadOS 16.7.3 to address up to eight security issues, two of which are WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) covered by this update. They were disclosed by Redmond earlier this month as being actively exploited.

Both vulnerabilities have also been patched in tvOS 17.2 and watchOS 10.2. No further details are currently available about how these vulnerabilities were exploited and the threat actors that may have used them.

Original article by SnowFlake, if reproduced, please credit https://www.cncso.com/en/apple-system-security-update-fixed-multiple-vulnerabilities.html
