On Monday, Apple released the latest round of updates to iOS and iPadOS (17.3), macOS (14.3), watchOS (10.3), and tvOS (17.3), which include a few new features, a smattering of bug fixes, and some pretty important security patches. Among them is a patch for a vulnerability that may have been exploited in the wild—in other words, you should rush to install the update and patch it.
The zero-day is the first Apple has fixed this year. It affects the following models: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later, as well as Macs running Sonoma, Ventura, and Monterey, and all Apple TV models. It was discovered as part of the WebKit Bugzilla program.
Apple also released a separate Safari update for macOS Ventura and Monterey that includes the fix, among other patches:
WebKit (CVE-2024-23222)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
- Description: A type confusion issue was addressed with improved checks.
- WebKit Bugzilla: 267134
The updates also include about a dozen other patches for Apple Neural Engine, Kernel, Safari, Finder, and Shortcuts, and several other system features, including a strange Time Zone fix:
Time Zone
- Impact: An app may be able to view a user’s phone number in system logs
- Description: This issue was addressed with improved redaction of sensitive information.
- CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
Additionally, Apple released iOS 16.7.5 and iOS 15.8.1 to address a pair of zero-day WebKit flaws that were previously patched in iOS 17.1.2 last year.