1 min

Tags in this article

, , ,

Apple recently released fixes for two zero-day vulnerabilities that may already be exploited by hackers. The vulnerabilities apply to virtually all Apple devices.

The two zero-day vulnerabilities, CVE-2023-42916 and CVE-2023-42917, were found in the WebKit browser, according to the tech giant. The vulnerabilities allow hackers to access sensitive information via an out-of-bounds read. They can also execute arbitrary code via a memory corruption bug via malicious websites.

In doing so, Apple states that these specific vulnerabilities were previously exploited in iOS versions prior to iOS 16.7.1.


With the updates now released, iOS versions 17.1.2 for iPhones, version 17.1.2 of iPadOS, macOS Sonoma 14.1.2 and Safari 17.1.2 now feature improved input validation and interlocking.

This latest release of fixes brings the total number of patches of Apple bugs this year to 20. In iOS version 17, the iPhone 15 overheating problem and other zero-day vulnerabilities were fixed earlier.

Most Apple devices affected

The number of Apple devices for which the updates are offered is quite large. For the iPhone, these are the iPhone XS and later models.

For the iPad, these are the iPad Pro 12.9-inch 2nd generation and later models, the iPad Pro 10.5-inch, the iPad Pro 11-inch first generation and later models, the iPad Air third generation and later models, the iPad sixth generation and later models and the iPad mini fifth generation and later models. Also affected are Macs running macOS Monterey, Ventura or Sonoma.