Apple has released security updates to fix two actively exploited vulnerabilities in its WebKit browser engine.
“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” the company said in an advisory issued on Wednesday.
The vulnerabilities, tracked as CVE-2023-42916 and CVE-2023-42917, could allow attackers to gain access to sensitive information or execute arbitrary code on affected devices.
CVE-2023-42916 is an out-of-bounds read vulnerability that could allow attackers to disclose sensitive information when processing web content. CVE-2023-42917 is a memory corruption vulnerability that could allow attackers to execute arbitrary code when processing web content.
