Apple has released security patches to mitigate critical vulnerabilities (CVE-2023-42916 & CVE-2023-42917) affecting WebKit Browser Engine.
The National Telecommunication and Information Security Board (NTISB) has issued Cyber Security Advisory while saying that CVE-2023-42916 & CVE-2023-42917 is being actively exploited by threat actors to access sensitive data and execution of arbitrary code through crafted webpages on unpatched devices.
It further stated that Apple iPhone, iPad and iPod running iOS versions (16.7.3 or older) are affected by the above-mentioned vulnerabilities and consequently patches / updated versions are available.
Recommendations
All users are advised to ensure the following:
- Specific Safety Steps
- CVE-2023-42916 & CVE-2023-42917 have been patched in iOS version 17.2. therefore, all Apple users should immediately upgrade to iOS latest version (17.2 or above) from the official Apple Store.
- Enable Lockdown Mode (optional; extreme protection mode) to block a cyber-attack.
- Generic Security Steps for Apple Users
- Protect devices with strong passcodes and use two-factor authentication on Apple ID.
- Install apps from the official Apple Store only to avoid malware/infection.
- Use anonymity-based solutions (over the internet while surfing) and mask identity of key appointment holders/individuals.
- Always disable location from Apple devices/
- Subscribe to Apple’s security bulletins, threat notifications and auto OS update features.
- References. Latest Cyber Security Platforms including The Hacker News, Bleeping Computer, Security Week, CSIRTs etc
