Apple has patched two security issues that it claims have been actively exploited in the wild on earlier versions of its software. The fixes are available for iOS, iPadOS, macOS, and the Safari web browser.
A vulnerability in out-of-bounds reading that might be used to get private data when processing online content is CVE-2023-42916.
A memory corruption flaw called CVE-2023-42917 has the potential to allow arbitrary code execution while handling online content.
Reports have been made, according to Apple, that take use of the flaws “against versions of iOS before iOS 16.7.1,” which was made available on October 10, 2023. The twin weaknesses were found and reported by Clément Lecigne of Google’s Threat Analysis Group (TAG).