bleepingcomputer[.]com/news/apple/apple-fixes-first-zero-day-bug-exploited-in-attacks-this-year/
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs.
The zero-day fixed today is tracked as CVE-2024-23222 [iOS, macOS, tvOS, Safari] and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices.
Successful exploitation enables threat actors to execute arbitrary malicious code on devices running vulnerable iOS, macOS, and tvOS versions after opening a malicious web page.
"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.
The complete list of devices impacted by this WebKit zero-day is quite extensive, as the bug affects older and newer models, including:
iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Macs running macOS Monterey and later
Apple TV HD and Apple TV 4K (all models)
While this zero-day vulnerability was likely only used in targeted attacks, installing today's security updates as soon as possible is highly advised to block potential attack attempts.
Today, Apple also backported patches to older iPhone and iPad models for two other WebKit zero-days (CVE-2023-42916 and CVE-2023-42917) patched in November for newer devices.
----------------
zdnet[.]com/article/apple-releases-ios-17-3-with-stolen-device-protection-heres-how-it-can-safeguard-your-iphone/
Released on Monday, iOS 17.3 kicks in a few helpful new features, including Apple Music playlist sharing and AirPlay support for hotel room TVs. But the most significant improvement is one called Stolen Device Protection.
----------------
theverge[.]com/2024/1/22/24047063/iphone-ios-17-3-update-stolen-device-protection
iOS 17.3 is out, and it comes with a new security feature that’s supposed to prevent thieves from taking your iPhone and quickly taking over access to anything stored in iCloud as well as other important accounts like your bank or email. Instead of relying on your lock screen passcode for security (as thieves have learned to trick people into entering it in front of them before they take off with the phone), Stolen Device Protection requires you to scan your fingerprint or use Face ID when performing certain actions, such as viewing saved passwords or applying for a new Apple Card.
The feature also introduces a waiting period when performing more sensitive actions, such as changing your Apple ID password or your iPhone passcode. In the iOS 17.3 update note, Apple says, “Security Delay requires Face ID or Touch ID, an hour wait, and then an additional successful biometric authentication” before you can complete the process, ensuring the person who’s performing this action is actually you. Your iPhone will only require this extra layer of authentication when you’re away from “familiar locations such as home or work,” according to Apple.
---------------
theverge[.]com/24047822/ios-apple-iphone-stolen-device-protection-how-to
To take advantage of this new feature, Stolen Device Protection has to be turned on. It’s a simple process:
Go to Settings > Face ID & Passcode.
Enter your device passcode.
Look for the link to Turn On Protection and tap it. Stolen Device Protection will now show as being on.