Google researchers report critical zero-days in Chrome and all Apple OSes

Researchers in Google’s Threat Analysis Group have been as busy as ever, with discoveries that have led to the disclosure of three high-severity zero-day vulnerabilities under active exploitation in Apple OSes and the Chrome browser in the span of 48 hours.

Apple on Thursday said it was releasing security updates fixing two vulnerabilities present in iOS, macOS, and iPadOS. Both of them reside in WebKit, the engine that drives Safari and a wide range of other apps, including Apple Mail, the App Store, and all browsers running on iPhones and iPads. While the update applies to all supported versions of Apple OSes, Thursday’s disclosure suggested in-the-wild attacks exploiting the vulnerabilities targeted earlier versions of iOS.

“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” Apple officials wrote of both vulnerabilities, which are tracked as CVE-2023-42916 and CVE-2023-42917.

CVE-2023-42916 is an out-of-bounds read that allows hackers to obtain sensitive information when WebKit-powered apps process specially crafted online content. CVE-2023-42917 is a memory corruption flaw that causes vulnerable devices to execute malicious code when processing hacker-created content for a WebKit app. Apple credited TAG’s Clément Lecigne with discovery of both vulnerabilities. Neither Apple nor Google provided details about the zero-day attacks.

On Tuesday, Google said it was releasing an update that fixed seven Chrome vulnerabilities, one of which was a zero-day, meaning Google learned of it after exploits were already available in the wild. Google provided no additional details related to the zero-day.

The bug, tracked as CVE-2023-6345, stems from an integer overflow, a common class of vulnerability that allows hackers to execute malicious code when targets process specially crafted content. The vulnerability resides in the Skia component of the browser. Google credited TAG’s Benoît Sevens and Clément Lecigne for reporting the vulnerability.

Both the Apple and Google updates are being automatically pushed to affected devices. The updates are installed when users reboot their device or restart their browser. Users are likely to receive notifications if enough time passes without a restart. iOS, macOS, and iPadOS users can manually install updates by accessing system settings and selecting the General tab. To manually install the Chrome update, choose the three vertical dots on the top right of the window and choose update.
