"Apple Patches Actively Exploited iOS Zero-Days"

Apple has been forced to patch yet another pair of zero-day vulnerabilities, bringing the total for the year to 20. The tech giant stated that the two bugs in its WebKit browser engine were being actively exploited in the wild. The first vulnerability, CVE-2023-42916, affects a range of Apple products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. Apple describes the flaw as an “out-of-bounds read,” which it addressed with improved input validation, and noted that processing web content may disclose sensitive information. The second vulnerability, CVE-2023-42917, is a memory corruption flaw in WebKit, which was addressed with “improved locking.” Apple stated that it is present in the same list of products as the first vulnerability and noted that processing web content may lead to arbitrary code execution.

 

Infosecurity reports: "Apple Patches Actively Exploited iOS Zero-Days"

Submitted by Adam Ekwall on