Apple has released security patches aimed at addressing critical vulnerabilities (CVE-2023-42916 & CVE-2023-42917) affecting its WebKit Browser Engine. The National Telecommunication and Information Security Board (NTISB) issued a Cyber Security Advisory, warning that threat actors are actively exploiting CVE-2023-42916 & CVE-2023-42917 to gain access to sensitive data and execute arbitrary code through crafted webpages on devices that haven’t been patched.
According to NTISB, Apple iPhone, iPad, and iPod devices running iOS versions 16.7.3 or older are susceptible to these vulnerabilities. As a result, patches and updated versions are now available.
Users are strongly advised to take the following precautions: Ensure immediate upgrade to iOS latest version (17.2 or above) from the official Apple Store to mitigate CVE-2023-42916 & CVE-2023-42917, as these vulnerabilities have been patched in iOS version 17.2. Consider enabling Lockdown Mode, an optional but highly protective measure, to block potential cyber-attacks.
Adhere to generic security measures for Apple users: Protect devices with strong passcodes and enable two-factor authentication for Apple ID to enhance security. Download apps exclusively from the official Apple Store to minimize the risk of malware or infection. Utilize anonymity-based solutions while browsing the internet and consider masking the identity of key individuals. Disable location services on Apple devices to safeguard privacy.
Stay updated on Apple’s security bulletins, threat notifications, and utilize auto OS update features for timely patch deployment. Refer to reputable sources for cybersecurity news and advisories, such as The Hacker News, Bleeping Computer, Security Week, and CSIRTs.
By implementing these recommendations, users can fortify their devices against potential security threats and enhance their overall cybersecurity posture.
