Apple Scrambles Emergency iOS Update To Thwart Hackers Actively Abusing Safari Zero-Days


Apple has pivoted from polished iOS unveilings to fighting active exploitation of two Safari zero-day vulnerabilities that could enable data theft or device hijacking. The company quickly issued a surprise iOS 17.1.2 update to stop attacks targeting the browser-engine flaws, which were reported by Google’s elite hacking unit.

The urgent update lands amid Apple’s multi-month effort to nudge users toward adopting iOS 17. The company temporarily shifted focus from touting features to warning of danger, shipping fixes out of band from the regular release schedule.

The reason is that the two mysterious flaws (dubbed CVE-2023-42916 and CVE-2023-42917) were urgent problems with evidence of real-world weaponization. Google Threat Analysis flagged them as central to cyber incident response, necessitating immediate action.

Both weaknesses centered on WebKit, the technology rendering web content across not only Safari but also Mail, App Store and more. Successful exploitation could have enabled anything from data extraction to device takeover via malicious code execution.

So Apple had no choice but to rush patches, bypassing the gradual iOS 17 uptake plan. It advised rapid 17.1.2 adoption for all devices able to upgrade, including 4-year-old X models, and hinted that the threats remain active in the wild, likely deployed by sophisticated nation-state groups rather than in wide circulation.

This extremely rare instance of Apple-Google collaboration on active zero-days underscores how critical the issue is. With spies leveraging Safari against users, privacy and rights hang in the balance until users update. Given that both tech giants urged action, no words can fully convey the risks that continue to lurk for older versions.

So waste no time applying Apple’s emergency iOS update to thwart intrusion. Smooth-talking hackers have already put new Safari holes to nefarious use, and won’t hesitate to target tardy updaters next.
