Apple releases macOS Sonoma 14.1.2 to fix exploited zero-day WebKit flaws

Macworld

With macOS 14.2 still in beta, Apple has released macOS Sonoma 14.1.2 with a pair of critical security Safari updates. Apple only says 14.1.2 includes “important bug fixes and security updates,” but its security update page describes two patches for WebKit flaws that “may have been exploited.”

The two WebKit flaws, which were also patched in iOS and iPadOS with 17.1.2:

WebKit

Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Description: An out-of-bounds read was addressed with improved input validation.

WebKit Bugzilla: 265041
CVE-2023-42916: Clément Lecigne of Google’s Threat Analysis Group

WebKit

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Description: A memory corruption vulnerability was addressed with improved locking.

WebKit Bugzilla: 265067
CVE-2023-42917: Clément Lecigne of Google’s Threat Analysis Group

Apple also released Safari 17.1.2 for macOS Ventura and other versions of macOS before Sonoma. To update to Sonoma 14.1.2 or Safari 17.1.2 in Ventura, head over to System Settings, then General and Software Update, and click Update Now. On pre-Ventura Macs, go to System Preferences and click on the Software Update pane.

MacOS