// #webkit
2 articles
Apple Releases Safari and WebKit Security Update Patching Memory Corruption and CSP Bypass Vulnerabilities
Apple released a security update for Safari and WebKit on 13 May addressing more than ten vulnerabilities including memory corruption flaws enabling potential arbitrary code execution and a Content Security Policy bypass allowing cross-origin data access. The update applies to macOS Ventura, Sonoma, Sequoia, iOS, and iPadOS. Users should update immediately given WebKit's role as the rendering engine for all iOS browsers.
DarkSword Apple Exploit Chain Adds Three CVEs to CISA KEV — Federal Deadline April 3
CISA has added three vulnerabilities from the DarkSword iOS/macOS exploit chain to its Known Exploited Vulnerabilities catalogue, mandating federal agencies patch all Apple devices by 3 April. DarkSword is a multi-stage attack framework linking six chained vulnerabilities to achieve full kernel compromise across iOS, iPadOS, macOS, watchOS, and tvOS — with no user interaction required beyond visiting a malicious webpage.