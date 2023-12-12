Apple has released Monday security patches for iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address multiple security vulnerabilities, as well as making corrections for two zero-days recently disclosed on older devices.

What are the vulnerabilities Apple has fixed in its operating systems

This includes updates for 12 security vulnerabilities in iOS and iPadOS affecting AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing and WebKit. macOS Sonoma 14.2, for its part, resolves 39 defects, counting six bugs that affect the ncurses library.

Noteworthy vulnerabilities include CVE-2023-45866a serious security issue in Bluetooth that could allow an attacker into a network location privileged to inject pressed keys simulating a keyboard.

The vulnerability was disclosed last week by SkySafe security researcher Marc Newlin. but it was fixed in iOS 17.2iPadOS 17.2 and macOS Sonoma 14.2 with improved controls, the iPhone maker said.

Apple also released Safari 17.2which contains fixes for two WebKit flaws – CVE-2023-42890 and CVE-2023-42883 – which may lead to arbitrary code execution and a denial-of-service (DoS) condition; the update is available for Macs running macOS Monterey And macOS Ventura.

iOS 17.2 and iPadOS 17.2, as well as fixes a Siri bug that could allow a an attacker (a hacker, in short) with physical access to obtain sensitive datainclude a security enhancement in the form of Contact Key Verificationwhich ensures the privacy of iMessage conversations by allowing users to verify the contacts they are communicating with.

“iMessage Contact Key Verification advances the state of the art of Key Transparency implementations by having user devices self-verify consistency proofs and ensure the consistency of the KT system across all user devices for an account“, has made known Apple in a technical explanation in October 2023.

Apple then added “These improvements protect against compromises of the key directory as well as compromises of the transparency service itself e can detect separate views presented by both services.”

Coinciding with the updates, Apple also released iOS 16.7.3 and iPadOS 16.7.3 to close up to eight security issues, two of which involve WebKit (CVE-2023-42916 and CVE-2023-42917) And were disclosed by Redmond as being actively exploited in the wild earlier this month.

Both vulnerabilities have also been patched in tvOS 17.2 and watchOS 10.2, however no further details on the nature of the exploitation are yet available and the cybercriminals who might use them.

Conclusion

This is important to point out the urgency of installing the latest updates on all supported devices; The presence of significant vulnerabilities, such as the critical one in Bluetooth (CVE-2023-45866) and issues associated with WebKit, highlights the need for timely intervention to ensure protection from cyber attacks.

introducing improvements to iMessage contact key verification represents a significant step forward for communications security, highlighting Apple's commitment to ensuring user privacy; The focus on resolving Siri-related issues and ongoing security optimization indicates a proactive approach to addressing potential security risks.

The users are encouraged to keep their devices updated regularly and to be aware of recommended security practices to protect your personal information; Collaboration between developers and the security community is essential to identify and resolve vulnerabilities promptly, thus helping to ensure a safer digital environment for all users.