Apple patch fixes two actively exploited security issues for iPhones, iPads, and MacBooks — how to download it now

Often the latest update for your iPhone, iPad, or MacBook just brings some new emoji or the classic “bug fixes,” so it hardly matters if it waits a day or two. That is not the case with the iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1 updates going out today.

These updates contain patches for two security issues. That alone wouldn’t necessarily be an emergency, but both are believed to have been actively exploited in the wild, so they present an immediate threat to your devices and you should update now (via AppleInsider).

How to update your iPhone or iPad to iOS/iPadOS 16.4.1

1. Open Settings
2. Select General
3. Tap on Software Update
4. Select Download and Install

How to update your MacBook to macOS Ventura 13.3.1

1. Click on the Apple Menu in the upper-left corner of your status bar
2. Select System Preferences
3. Click Software Update

What are these actively exploited security threats?

Apple provided the full details regarding each of the vulnerabilities on its security updates page:

IOSurfaceAccelerator

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
