- Apple has released critical security updates in iOS 16.5.1 and iPadOS 16.5.1 to address vulnerabilities that could allow arbitrary code execution.
- Users are strongly encouraged to update their devices to the latest versions to safeguard against potential exploitation of these security flaws.
Apple has rolled out iOS 16.5.1 and iPadOS 16.5.1, addressing critical security vulnerabilities that could allow attackers to execute arbitrary code. The updates are available for iPhone 8 and later models, iPad Pro, iPad Air (3rd generation and later), iPad (5th generation and later), and iPad mini (5th generation and later).
Apple’s approach to security involves not disclosing or discussing security issues until a thorough investigation has been conducted and patches are released. The company references vulnerabilities using CVE-IDs where possible.
One of the addressed issues is in the kernel. The vulnerability could have allowed an app to execute arbitrary code with kernel privileges. Apple is aware that this issue might have been exploited in versions of iOS released prior to iOS 15.7. The flaw was an integer overflow, which has now been addressed with improved input validation. This vulnerability is designated as CVE-2023-32434 and was reported by Georgy Kucherin, Leonid Bezvershenko, and Boris Larin of Kaspersky.
The second vulnerability is in WebKit, the browser engine used by Safari. It could have allowed arbitrary code execution through the processing of maliciously crafted web content. As with the kernel issue, Apple has received reports that this vulnerability may also have been actively exploited. The issue was a type confusion and has been resolved with improved checks. This vulnerability is designated as CVE-2023-32439 and was reported by an anonymous researcher.
Users are urged to update to iOS 16.5.1 and iPadOS 16.5.1 as soon as possible to protect their devices from these vulnerabilities. To install the updates, users should go to Settings > General > Software Update on their devices.