WebKit Zero-Day Vulnerabilities Prompt iOS 17.1.2, iPadOS 17.1.2, macOS 14.1.2, and Safari 17.1.2

ace · December 1, 2023, 10:54pm

Originally published at: WebKit Zero-Day Vulnerabilities Prompt iOS 17.1.2, iPadOS 17.1.2, macOS 14.1.2, and Safari 17.1.2 - TidBITS

Apple has released updates to iOS, iPadOS, macOS, and Safari to block a pair of WebKit vulnerabilities that have been exploited in the wild. Don’t panic, but update soon.

nello · December 2, 2023, 10:39am

From the article:

… I’m surprised Apple didn’t use its Rapid Security Response approach

Adam is in good company:

pmvtutor · December 2, 2023, 10:58pm

From original article:

In response to two zero-day vulnerabilities—those found in the wild—identified in WebKit by Clément Lecigne of Google’s Threat Analysis Group, Apple has released iOS 17.1.2 and iPadOS 17.1.2, macOS 14.1.2 Sonoma, and Safari 17.1.2 for macOS 12 Monterey and macOS 13 Ventura.

Please explain: How does updating Sonoma 14.1.2 affect Monterey 12.x or Ventura 13.x?

ddmiller · December 2, 2023, 11:15pm

Updating Safari is what protects Monterey and Ventura.

pmvtutor · December 2, 2023, 11:26pm

ok, thanks.

Simon · December 3, 2023, 4:06pm

What is this malarkey with having to authenticate iCloud in addition to regular authentication after installing the patch? Doesn’t happen on iOS. But happened already for the 2nd time on Sonoma.

ddmiller · December 3, 2023, 9:35pm

It must be something with your account / Mac, because I just installed the update and did not have to re-authenticate with my Apple ID. I was plagued by these on iOS, MacOS and iPadOS a few months ago, when it seemed to happen constantly - but not coinciding with any updates.

ehortop · December 5, 2023, 3:13am

I’m a bit perturbed by that bar chart… the Apple number should be part of the overall bar, not on top of it, which would make the chart both a bit greener and a bit less tall…

livfoss · December 5, 2023, 4:41pm

This may be a very foolish question, but could someone explain exactly what is meant by the term “Zero-Day”? Intuitively it appears to refer to an undetected vulnerability - but I’m not sure if that’s right.

ddmiller · December 5, 2023, 5:25pm

Zero-day means that an exploit is already detected being used “in the wild” when the exploit was revealed or detected. Some exploits are discovered but their use is not detected in the wild already.

Generally and especially with macOS, once a patch is delivered there will be people trying to reverse-engineer what was patched and reveal the exploit anyway, so I’d say once a patch is delivered, it’s going to be exploited very soon anyway.

Halfsmoke · December 5, 2023, 6:37pm

I’d just add that the term refers to the fact that there are zero days available to fix the vulnerability (compare to the Y2K problem, where the need to do something was known well in advance); some organizations or people already have fallen victim to the attack.

ace · December 5, 2023, 9:38pm

Doh! You’re absolutely right, and I’ve regenerated the chart. I spent some time trying to decide if the chart was useful at all, but it seemed to give a better sense of the data than just the numbers.

ehortop · December 5, 2023, 9:51pm

Thanks @ace, that makes my statistician brain quiver quite a bit less

livfoss · December 6, 2023, 4:27pm

Thanks to Doug Miller and Halfsmoke. At least I now know what people are talking about. I was a software engineer, but so long ago that the whole ‘exploit’ concept didn’t yet exist!

ace · December 11, 2023, 9:24pm

In the article, I wrote:

Apple says these vulnerabilities may have been exploited against versions of iOS and iPadOS before 16.7.1, suggesting that the current iOS 16.7.2 and iPadOS 16.7.2 aren’t vulnerable.

So much for that. iOS 16.73 and iPadOS 16.7.3 are now out with fixes for these WebKit vulnerabilities. Install them sooner rather than later.