Just a few days away from the official release of new major versions for operating systems iOS (iPhone), iPadOS (iPad), watchOS (Apple Watch), company Apple released an urgent security update (Security Update) to patch some critical vulnerabilities.
Two vulnerabilities were discovered in the browser engine WebKit (CVE-2023-41993) and in the security framework (CVE-2023-41991) that allows cyber attackers to bypass signature validation using malware or achieve arbitrary code execution via web pages designed specifically for this vulnerability. Web pages that have "behind" malware codes.
A third vulnerability was discovered in Kernel Framework, which provides APIs and support for kernel extensions and kernel-resident device drivers. Attackers can exploit this bug (CVE-2023-41992) to get what administration privileges.
Security Update for all devices Apple (iOS, macOS, iPadOS, watchOS)
Apple fixed the three zero-day bugs with security update (Security Update) for macOS 12.7/13.6, iOS 16.7/17.0.1, iPadOS 16.7/17.0.1,i watchOS 9.6.3/10.0.1 by approaching one certificate validation issues And through improvements to checks.
The security update is available to all owners of iPhone, iPad, Apple Watch, Mac that have the latest operating systems installed. iOS / iPadOS 17, watchOS 10, macOS Sonoma (Beta, currently).
To update the operating system, go on the device to: “Settings” > “General” > “Software Update".