Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Apple WebKit Out-of-Bounds Write Vulnerability Allowing Sandbox Escape

Vulnerability

A vulnerability in WebKit, the engine behind Safari and other Apple applications, allows maliciously crafted web content to break out of the Web Content sandbox. This out-of-bounds write issue could lead to unauthorized actions. The vulnerability has been addressed with improved checks to prevent exploitation. Notably, this is a supplementary fix for an attack that was blocked in iOS 17.2. Apple is aware of reports that this vulnerability may have been exploited in a sophisticated attack against targeted individuals on versions of iOS prior to 17.2.

Impact

Exploitation of this vulnerability could allow malicious web content to escape the Web Content sandbox, potentially leading to unauthorized actions or access to sensitive information.

Remediation

Users can update to the latest versions of iOS, iPadOS, macOS Sequoia, Safari, watchOS, and visionOS. Instructions for updating these operating systems are available on the Apple Support website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 8.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.