Apple urges iPhone and iPad users to update to iOS 16.5 and iPadOS 16.5 immediately to mitigate three zero-day exploits. The vulnerabilities are directly related to the WebKit browser engine and include the following:
- CVE-2023-32409 – a remote attacker may break out of the Web Content security sandbox
- CVE-2023-28204 – processing web content may disclose sensitive information
- CVE-2023-32373 – processing maliciously crafted web content may lead to arbitrary code execution
The identified vulnerabilities increase the risk of users’ data and personal information being made accessible to unauthorized 3rd parties. The security holes can also allow bad actors to launch arbitrary code execution attacks to run any command or code on a target machine or process.
Earlier this year, Apple reportedly crossed the two billion active device mark, a milestone demonstrating just how widespread an issue Apple faces. Due to the nature of the vulnerabilities, the WebKit browser engine exploit could affect a large cross-section of these two billion devices. Devices impacted by the identified exploits include:
- All iPad Pro models
- iPad Air (3rd generation and later)
- iPad 5th (generation and later)
- iPad Mini (5th generation and later)
- iPhone 6s and later models
- Mac workstations and laptops running macOS, Big Sur, Monterey, and Ventura
- Apple Watch (series 4 and later)
- Apple TV 4K and HD
Many users have already received the iOS automatic updates via Apple’s Rapid Security Response system. Typically deployed by geographic region and impacted by connectivity, some users’ phones and tablets may still be waiting for the automatic updates. Those users are encouraged manually update their phones to version 16.5. To do this, open the Settings app and navigate to General > Software Update. Tap download and install, then give your phone a few minutes to do its thing.
It is also good hygiene to ensure all your other Apple devices are up-to-date. Updating is easy since the option to download updates manually resides in the same place on all devices – under Settings > General > Software Update.