Skip to main content

Apple patches two actively exploited security flaws with iOS 16.5.1 and more

Coming with the release iOS 16.5.1, macOS 13.4.1, and more today, Apple has shipped two important fixes for security flaws. The updates arrive for devices on the latest public software and those on older versions of its software. Notably, Apple has heard the flaws have been actively exploited.

The main user-facing feature coming with iOS 16.5.1 is a fix for a bug with the Lightning to USB Camera Adapter.

However, for almost all of Apple’s devices including iPhone 6s and later, modern iPads and Macs, and even Apple Watches, there are two important security patches that come with the latest updates.

Two patches for exploited security flaws

The first flaw patch is for a vulnerability that allows the execution of arbitrary code with kernel privileges. And the second is a WebKit flaw fix that stops maliciously crafted web content from being able to execute arbitrary code.

Apple says it is aware of reports stating both flaws have been actively exploited, so make sure to update your devices as soon as possible.

Here are the fine details:

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Description: An integer overflow was addressed with improved input validation.

CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 256567
CVE-2023-32439: an anonymous researcher

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.