
Zero-day exploits threaten millions of Apple users, prompting an urgent call to update iOS

  • Apple urges iPhone and iPad users to immediately update to iOS 16.5 and iPadOS 16.5 to protect against three zero-day exploits related to the WebKit browser engine.
  • The identified vulnerabilities increase the risk of unauthorized access to personal data and allow arbitrary code execution attacks on unpatched devices.
  • More than 30 additional vulnerabilities are addressed in this critical security update to protect Apple users.

According to a recently released security bulletin, Apple users are urged to install any available iOS updates immediately. The recommendation follows the identification of three zero-day vulnerabilities that are being actively exploited on unpatched devices. In addition to addressing these, the update fixes more than 30 vulnerabilities present in the recent version of iOS 16.4.

Zero-day exploits related to the WebKit browser engine

Apple has urged iPhone and iPad users to update to iOS 16.5 and iPadOS 16.5 immediately to mitigate three zero-day exploits. These vulnerabilities are directly related to the WebKit browser engine and are described as follows:

  • CVE-2023-32409: Allows a remote attacker to escape the web content security sandbox.
  • CVE-2023-28204: Tampering with web content can reveal sensitive information.
  • CVE-2023-32373: Rendering maliciously crafted web content can lead to arbitrary code execution.

These identified vulnerabilities increase the risk of users’ personal data and information being accessible to unauthorized third parties.

In addition, these security holes can allow attackers to carry out arbitrary code execution attacks, which involve executing malicious code or commands on a targeted machine or process.

Widespread impact and affected Apple devices

Earlier this year, Apple was reported to have passed the two billion active device mark, demonstrating the widespread adoption of its products. Due to the nature of these vulnerabilities, the WebKit browser engine exploit could affect a large portion of these two billion devices.

Devices susceptible to the identified vulnerabilities include:

  • All iPad Pro models
  • iPad Air (3rd generation and later)
  • iPad 5th generation and later
  • iPad Mini (5th generation and later)
  • iPhone 6s and later models
  • Mac workstations and laptops with macOS Big Sur, Monterey, and Ventura
  • Apple Watch (series 4 and later)
  • Apple TV 4K and HD

Importance of manually updating devices

Many users have already received automatic iOS updates through Apple’s Rapid Security Response system. However, some phones and tablets may still be waiting for these automatic updates due to connectivity or geographic region.

These users are therefore strongly advised to manually update their devices to version 16.5. To do so, open the Settings application, go to General and, finally, Software Update.

