This week’s security alert urges Apple users to install any available iOS updates immediately. The advice follows the discovery by researchers of three zero-day exploits, all of which are already being used against unpatched devices.
The update also fixes more than 30 other flaws discovered in the most recent iOS 16.4 release.
To mitigate the three zero-day exploits, Apple recommends that iPhone and iPad owners update immediately to iOS 16.5 and iPadOS 16.5 respectively. The following vulnerabilities all relate directly to the WebKit browser engine:
- CVE-2023-32409 – a remote attacker may break out of the Web Content security sandbox
- CVE-2023-28204 – processing web content may disclose sensitive information
- CVE-2023-32373 – processing maliciously crafted web content may lead to arbitrary code execution
Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities: CVE-2023-28204, CVE-2023-32409 and CVE-2023-32373 https://t.co/DIUrjX0X9C
— SecurityWeek (@SecurityWeek) May 20, 2023
Apple Warns Against Identified Bugs
The vulnerabilities found raise the possibility of unauthorised third parties gaining access to user data and personal information.
The security flaws could let malicious parties carry out arbitrary code execution attacks, running any command or piece of code on a target machine or in a target process.
Apple apparently passed the two billion active device mark earlier this year, a milestone illustrative of the scale of the problem the company is grappling with.
Because of the nature of the vulnerabilities, the WebKit browser engine attack may have a significant impact on a large portion of these two billion devices. The following devices are affected by the discovered exploits:
- All iPad Pro models
- iPad Air (3rd generation and later)
- iPad (5th generation and later)
- iPad Mini (5th generation and later)
- iPhone 6s and later models
- Mac workstations and laptops running macOS Big Sur, Monterey, and Ventura
- Apple Watch (series 4 and later)
- Apple TV 4K and HD
Through Apple’s Rapid Security Response system, a large number of consumers have already received the automated iOS updates. Some users’ phones and tablets might still be waiting for the automatic updates, which are typically deployed by geographic region and affected by connectivity.
In this case, they are urged to manually update their phones to version 16.5. To do this, open the Settings app and go to General > Software Update. After selecting download and installation, give your phone a few minutes to finish its work.
Making sure all of your other Apple devices are updated is also excellent hygiene. The ability to manually download updates is in the same location on all devices, under Settings > General > Software Update, making updating simple.