Apple Patch Fixes Two Zero Day Vulnerabilities in Emergency Updates CVE-2023-42916 CVE-2023-42917

Apple's patch updates address two zero-day vulnerabilities affecting iPhones, iPads, and Macs. The Rapid Security Response updates fix two actively exploited flaws in the WebKit web browser engine, CVE-2023-42916 and CVE-2023-42917.

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and the Safari web browser, specifically iOS 17.1.2, iPadOS 17.1.2, and macOS 14.1.2, to address an actively exploited zero-day vulnerability.

WebKit is the web browser engine developed by Apple and used by many other apps on macOS and iOS. WebKit has been a common target for threat actors, as many previously exploited vulnerabilities have been reported in this component.

Rapid Security Responses deliver important security improvements between software updates and are available only for the latest versions of iOS, iPadOS, and macOS. It is important to keep the setting turned on to receive these releases; otherwise, your device will get the fixes as part of a future software update.

The best approach is always to keep Apple devices updated with the latest patches. IT admins who manage devices with Intune can also force critical macOS and iOS patches and enable a compliance policy to ensure all devices are compliant and protected against remote attackers. More about: Force Safari Patch Updates On MacOS.

Apple Patch Update to Fix Two Zero Day Vulnerabilities WebKit Security

Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac. Rapid Security Responses (RSR) can also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist “in the wild.”

Apple Patch Fixes Two Zero Day Vulnerabilities in Emergency Updates CVE-2023-42916 CVE-2023-42917 Fig.1

A critical flaw discovered in the Apple WebKit browser engine enables attackers to execute arbitrary code via ingeniously crafted malicious web content on Apple devices.

| Platform | Impact | Descriptions | CVE-ID |
|---|---|---|---|
| iOS 17.1.2 and iPadOS 17.1.2 | Processing web content may disclose sensitive information. | An out-of-bounds read was addressed with improved input validation. | CVE-2023-42916 |
| iOS 17.1.2 and iPadOS 17.1.2 | Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | A memory corruption vulnerability was addressed with improved locking. | CVE-2023-42917 |
Apple Patch Fixes Two Zero Day Vulnerabilities in Emergency Updates CVE-2023-42916 CVE-2023-42917 – Table 1

The patches are available as Safari 17.1.2 on macOS Monterey and macOS Ventura, and as macOS Sonoma 14.1.2.

| Name and information link | Available for | Release date |
|---|---|---|
| Safari 17.1.2 | macOS Monterey and macOS Ventura | 30 Nov 2023 |
| iOS 17.1.2 and iPadOS 17.1.2 | iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later | 30 Nov 2023 |
| macOS Sonoma 14.1.2 | macOS Sonoma | 30 Nov 2023 |
Apple Patch Fixes Two Zero Day Vulnerabilities in Emergency Updates CVE-2023-42916 CVE-2023-42917 – Table 2
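
As an added example (not from the original article, Apple, or Microsoft), the fixed versions in Table 2 can be turned into an inventory check. It assumes a constructed CSV export with hypothetical column names, and it assumes that Macs on Monterey or Ventura are judged by their Safari version, which a single "macOS 14.1.2 minimum" rule would misreport.

```python
import csv
import io

# Fixed versions as listed in the tables on this page.
FIXED_OS = {"iOS": (17, 1, 2), "iPadOS": (17, 1, 2), "macOS": (14, 1, 2)}
FIXED_SAFARI = (17, 1, 2)
# Assumption: Monterey (12) and Ventura (13) are judged by Safari, not OS version.
SAFARI_ONLY_MACOS = {12, 13}

# Constructed sample inventory (hypothetical columns, not real devices).
SAMPLE_INVENTORY = """device,platform,os_version,safari_version
mac-01,macOS,14.1.1,17.1
mac-02,macOS,14.1.2,17.1.2
mac-03,macOS,13.6.1,17.1.2
mac-04,macOS,12.7.1,17.1
iph-01,iOS,17.1.1,
ipad-01,iPadOS,17.1.2,
iph-02,iOS,16.7.2,
"""

def parse_version(text):
    """Turn '17.1' into (17, 1, 0) so versions compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, os_version, safari_version=""):
    """Return 'patched', 'vulnerable' or 'not-covered' for one device."""
    if platform not in FIXED_OS:
        return "not-covered"
    os_v = parse_version(os_version)
    if platform == "macOS" and os_v[0] in SAFARI_ONLY_MACOS:
        # Missing Safari data is treated as non-compliant.
        if not safari_version.strip():
            return "vulnerable"
        ok = parse_version(safari_version) >= FIXED_SAFARI
        return "patched" if ok else "vulnerable"
    if os_v[0] < FIXED_OS[platform][0]:
        # Older major releases are not listed in the page's tables.
        return "not-covered"
    return "patched" if os_v >= FIXED_OS[platform] else "vulnerable"

def audit(csv_text):
    """Map each device name in the CSV to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["platform"], r["os_version"],
                                  r["safari_version"] or "") for r in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as not-covered run a release the tables on this page do not list, so their status has to be confirmed against Apple's own security notes.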

Keep Your Mac and iOS Devices Up to Date

To download macOS software updates, choose Apple menu > System Settings, click General in the sidebar (you may need to scroll down), then click Software Update on the right.

After you click Update Now, a window appears with information about the updates available for your Mac, including version and size details. Click the Install Now button to start installing the updates.

Note – New Rapid Security Responses are delivered only for the latest versions of iOS, iPadOS, and macOS, starting with iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1.

By default, your device automatically applies Rapid Security Responses. If necessary, you will be prompted to restart your device. To check your device settings, follow the steps below.

To enable automatic updates for your device, click the Automatic Updates (i) button to see the available options, then make sure that “Install Security Responses and system files” is turned on. Here you can set the following automatic update options:

  • Check for updates
  • Download new updates when available
  • Install macOS updates
  • Install application updates from the App Store
  • Install Security Response and system files
Apple Patch Fixes Two Zero Day Vulnerabilities in Emergency Updates CVE-2023-42916 CVE-2023-42917 Fig.2

Manage macOS Software Updates using Intune

An Intune policy for macOS software updates lets you remotely manage how downloads, installations, and notifications occur when updates are available for macOS. See: Manage macOS Updates Using Intune Policy.

You can check the software update status for macOS devices to monitor and troubleshoot issues with software update installation. Here’s how to get the device-specific status details in Intune: Monitor MacOS Update Installation Status.

Once you click on the update, you will get a detailed report of the updates. For example, the device is installing a macOS Security Response. The update category, status, version, and last updated time are displayed here.

Apple Patch Fixes Two Zero Day Vulnerabilities in Emergency Updates CVE-2023-42916 CVE-2023-42917 Fig.3

What happens if the option to install Security Responses and system files is turned off and Rapid Security Responses are not applied when they become available? In that case, your device will receive the relevant fixes or mitigations when they are included in a subsequent software update.

Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
