Apple released new versions of their latest OSes today addressing two vulnerabilities: CVE-2022-40303 and CVE-2022-40304. Both CVEs cover libxml2 vulnerabilities and were discovered by Google Project Zero’s team. The stated impact of both vulnerabilities is that “A remote user may be able to cause unexpected app termination or arbitrary code execution”. Given the nature of this description and the history of such bugs, these vulnerabilities can be leveraged to cause significant disruption or compromise when combined with other vulnerabilities and/or denial of service. No prominent CVE database has been updated with more details at this time, nor has Apple made any statement yet regarding possible exploitation of these vulnerabilities in the wild.
It is highly recommended to update your operating systems and stay on the latest possible version of macOS, iOS, and iPadOS.
For more information on these security updates, please visit Apple’s Security content pages here for macOS Ventura 13.0.1 and here for iOS/iPadOS 16.1.1.
For instructions on how to update macOS, please visit this page. Instructions for updating iOS and iPadOS are located here.