Skip to main content

Apple patches two actively exploited security flaws with iOS 16.5.1 and more

Avatar for Michael Potuck  | Jun 21 2023 - 10:37 am PT
0 Comments
check passwords and improve security

Coming with the release iOS 16.5.1, macOS 13.4.1, and more today, Apple has shipped two important fixes for security flaws. The updates arrive for devices on the latest public software and those on older versions of its software. Notably, Apple has heard the flaws have been actively exploited.

The main user-facing feature coming with iOS 16.5.1 is a fix for a bug with the Lightning to USB Camera Adapter.

However, for almost all of Apple’s devices including iPhone 6s and later, modern iPads and Macs, and even Apple Watches, there are two important security patches that come with the latest updates.

Two patches for exploited security flaws

The first flaw patch is for a vulnerability that allows the execution of arbitrary code with kernel privileges. And the second is a WebKit flaw fix that stops maliciously crafted web content from being able to execute arbitrary code.

Apple says it is aware of reports stating both flaws have been actively exploited, so make sure to update your devices as soon as possible.

Here are the fine details:

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Description: An integer overflow was addressed with improved input validation.

CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 256567
CVE-2023-32439: an anonymous researcher

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

iOS

iOS

iOS is Apple's mobile operating system that runs…
watchOS

watchOS

Apple's software platform for its wrist-worn wea…
Security macOS

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.

Michael Potuck's favorite gear

Satechi USB-C Charger (4 ports)

Satechi USB-C Charger (4 ports)

Really useful USB-C + USB-A charger for home/work and travel.

Apple Leather MagSafe Wallet

Apple Leather MagSafe Wallet

My slim wallet of choice for iPhone 12

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing