Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild, both issues reside in the WebKit browser engine.
The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read. An attacker can trick a victim into visiting specially crafted web content to disclose sensitive information.
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.” reads the advisory.