Today, Apple released a critical update to fix a single, already exploited, WebKit vulnerability. The patch was released for current versions of iOS, macOS, and visionOS. A standalone update for Safari was also made available, which will help address this issue in macOS 13 and 14 (Ventura, Sonoma). 

Apple states that this vulnerability may be used to break out of the Web Content sandbox. The attack was initially addressed in iOS 17.2, but this additional fix is "supplementary." The vulnerability was used in targeted attacks against iOS before 17.2.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|