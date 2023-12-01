Apple has released patches for a couple of security issues found within its Webkit web browser engine that the iPhone maker believes have had zero day exploitations.

Tracking them as CVE-2023-42916, and CVE-2023-42917, Apple said these vulnerabilities can be exploited while processing web content to leak sensitive information and execute arbitrary codes, respectively.

"Apple is aware of report(s) that the issue(s) may have been exploited against versions of iOS before iOS 16.7.1," Apple said in the software release note.

To address the bugs, Apple has released patched updates for iOS, iPadOS, macOS, and Safari web browser.

Flaws allow info stealing and arbitrary code execution

Apple described that the CVE-2023-42916 allowed reading out-of-bounds memory while processing web content through an affected Webkit that could be exploited to leak sensitive browser information. CVE-2023-42917 was tagged as a memory corruption bug that could allow arbitrary code execution.

CVE-2023-42916 and CVE-2023-42917 were respectively patched with improved input validation and locking, according to Apple.