Site icon USA Tech Blog

Apple Security Alert- Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Alena Jackson
Apple Security Alert- Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari 1

Apple has addressed and resolved two security vulnerabilities that were actively exploited through the release of iOS 16.5.1. This update, along with macOS 13.4.1 and more, introduces crucial fixes for these flaws. The updates are available for both the latest public software versions and older iterations. Notably, Apple acknowledges that these vulnerabilities have been targeted by malicious actors.

Among the user-facing enhancements in iOS 16.5.1, a bug concerning the Lightning to USB Camera Adapter has been rectified. However, for a comprehensive security boost across various Apple devices—including iPhone 6s and newer models, modern iPads and Macs, and even Apple Watches—two significant security patches are included in the latest updates.

These patches address the following exploited security flaws:

  1. The first patch resolves a vulnerability that permits the execution of arbitrary code with kernel privileges.
  2. The second patch corrects a WebKit flaw that prevents the execution of arbitrary code through maliciously crafted web content.

Apple is cognizant of reports indicating the active exploitation of both flaws. Therefore, it is strongly advised to promptly update your devices to ensure their security. 

Here are the specific details:

Kernel:

  • Compatible devices: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
  • Impact: An application may have the ability to execute arbitrary code with kernel privileges. Apple has received information suggesting that this issue might have been exploited in previous versions of iOS released prior to iOS 15.7.
  • Description: An integer overflow has been resolved by implementing improved input validation.

WebKit:

  • Compatible devices: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
  • Impact: The processing of maliciously crafted web content may result in the execution of arbitrary code.
  • Description: A type confusion issue has been addressed by implementing enhanced checks.

Please ensure that you update your devices as soon as possible to mitigate the risks associated with these security vulnerabilities. Check here for complete Apple security updates. 

Exit mobile version