Apple has patched a total of 20 zero-day vulnerabilities on iPhone this year

In the latest announcement on November 30, Apple said it had received reports that the vulnerability could have been exploited for iOS versions prior to 16.7.1.

These two vulnerabilities were discovered in the WebKit browser engine (CVE-2023-42916 and CVE-2023-42917), allowing attackers to access sensitive information as well as execute arbitrary code on infected devices.

The iPhone maker also announced that it has fixed security vulnerabilities on devices running iOS 17.1.2, iPadOS 17.1.2, macOS Sonata 14.1.2, and Safari 17.1.2.

The list of affected Apple devices is quite extensive, including: iPhone XS and later; iPad Pro 10.5-inch, iPad Pro 11-inch (first generation and later), iPad Pro 12.9-inch (second generation and later), iPad Air 3rd generation and later, iPad 6 and later, iPad mini 5 and later; Mac computers running macOS Monterey, Sonata, and Ventura.

This vulnerability was discovered and reported to Apple by security researcher Clément Lecigne of Google's Threat Analysis Group (TAG). Thus, since the beginning of the year, there have been a total of 20 zero-day vulnerabilities targeting the company's devices.

Additionally, Google TAG also disclosed another zero-day vulnerability in the XNU kernel, which Citizen Lab and Google TAG reported. Citizen Lab reported two other zero-day vulnerabilities that were patched in September.

To update the vulnerability patch, iPhone users should go to Settings > General > Software Update and select the time now or tonight.