"Apple Patches Code Execution Vulnerability in iOS, macOS"

Apple has recently released security updates for iOS and macOS devices to resolve an arbitrary code execution vulnerability. The issue, tracked as CVE-2024-1580 and described as an integer overflow leading to an out-of-bounds write, impacts the CoreMedia and WebRTC components of both iOS and macOS and could be triggered during image processing. Apple noted that the security defect is not specific to Apple's products but affects dav1d, the open-source cross-platform AV1 decoder, where it was resolved in version 1.4.0 in February. Apple warns that the issue could be exploited to achieve arbitrary code execution during the processing of an image and says it has addressed it with improved input validation. The tech giant has included patches for the bug in iOS and iPadOS 17.4.1, iOS and iPadOS 16.7.7, visionOS 1.1.1, macOS Sonoma 14.4.1, macOS Ventura 13.6.6, and Safari 17.4.1 (for macOS Monterey and macOS Ventura). CVE-2024-1580 is a medium-severity vulnerability. Apple did not mention whether the bug was being exploited in attacks.

 

SecurityWeek reports: "Apple Patches Code Execution Vulnerability in iOS, macOS"

Submitted by Adam Ekwall on