Apple's latest iOS, iPadOS, macOS updates fixed an actively used exploit

On Thursday, Apple's updates to all of its operating systems included some new features -- but more importantly, a severe security flaw that was actively being exploited was stopped in its tracks.

Apple issues latest security patches


On Thursday, Apple released iOS 16.5, iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4, and tvOS 16.5. The primary new element is a brand new "Sports" tab in the Apple News app, along with new features for Siri and the Apple TV app.

However, in addition to all that, the new software updates also include patches for three issues that may have been actively exploited, all in WebKit. The patches are present across all the updated software, so users should update their devices as soon as possible.

Two of the three vulnerabilities were initially patched through Apple's Rapid Security Response, with the public release of iOS 16.4.1 in April. This latest update should make sure everyone is covered moving forward, even if they didn't install that particular patch.

To update your iOS and macOS devices, open Settings --> General --> Software Update and follow the onscreen instructions. If you have Automatic Updates switched on, your devices will update the next time they are charging.

The patch notes for iOS/iPadOS are below; the same vulnerabilities are fixed across all of the major releases:

WebKit


  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.

  • Description: The issue was addressed with improved bounds checks.

  • WebKit Bugzilla: 255350
    CVE-2023-32409: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International's Security Lab

WebKit


  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

  • Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

  • Description: An out-of-bounds read was addressed with improved input validation.

  • WebKit Bugzilla: 254930
    CVE-2023-28204: an anonymous researcher

WebKit


  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

  • Description: A use-after-free issue was addressed with improved memory management.

  • WebKit Bugzilla: 254840
    CVE-2023-32373: an anonymous researcher

The software updates are available to download now.


Comments

  • Reply 1 of 4
    dewme Posts: 5,416 member
    Reason enough to update sooner rather than later...
  • Reply 2 of 4
    MacOS 13.4 install hung at “5 minutes to go” multiple times for me. I gave up.

     Anyone else?
  • Reply 3 of 4
    chasm Posts: 3,335 member
    > MacOS 13.4 install hung at “5 minutes to go” multiple times for me. I gave up.
    >
    > Anyone else?
    That’s because everyone is trying to download the update all at once.

    Come back to it tonight or tomorrow.
  • Reply 4 of 4
    MaxLe0p0ld Posts: 31 unconfirmed, member
    Download & Install on several iMacs from 2017 to to-date
    + MacBookPros from 2019 to to-date ALL worked fine !

    I am wondering, if the FTP Issue for mapped Drives has been Fixed?