Apple Security Research

iOS 16.5 includes a variety of important security fixes. The latest iOS update addresses 39 vulnerabilities, and Apple notes that three of them were reported as actively exploited.

Apple shared the latest vulnerability fixes on its security updates page. While iOS had the most at 39, macOS with Safari 16.5, watchOS 9.5, and tvOS 16.5 also include important security updates.

So even though there aren’t a lot of new features with the latest updates, they’re important to install.

For iOS, the security updates include patches for everything from kernel to CoreServices, Photos to Sandbox, Siri and Shortcuts, and System Settings to Weather, WiFi, and WebKit.

Here are the three WebKit security patches that fix what are believed to be actively exploited flaws:

Note: fixes for the second and third flaws were first made available in the Rapid Security Response iOS 16.4.1 (a) on May 1.

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.

Description: The issue was addressed with improved bounds checks.

WebKit Bugzilla: 255350
CVE-2023-32409: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds read was addressed with improved input validation.

WebKit Bugzilla: 254930
CVE-2023-28204: an anonymous researcher

This issue was first addressed in Rapid Security Response iOS 16.4.1 (a) and iPadOS 16.4.1 (a).

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 254840
CVE-2023-32373: an anonymous researcher

This issue was first addressed in Rapid Security Response iOS 16.4.1 (a) and iPadOS 16.4.1 (a).

