Apple patches two actively exploited security flaws with iOS 16.5.1 and more

Coming with the release iOS 16.5.1, macOS 13.4.1, and more today, Apple has shipped two important fixes for security flaws. The updates arrive for devices on the latest public software and those on older versions of its software. Notably, Apple has heard the flaws have been actively exploited.

Some of my favorite gear

eufyCam with HomeKit Secure Video

Protect your home with HomeKit Secure Video, a wireless design, and no monthly fee.

The main user-facing feature coming with iOS 16.5.1 is a fix for a bug with the Lightning to USB Camera Adapter.

However, for almost all of Apple’s devices including iPhone 6s and later, modern iPads and Macs, and even Apple Watches, there are two important security patches that come with the latest updates.

Two patches for exploited security flaws

The first flaw patch is for a vulnerability that allows the execution of arbitrary code with kernel privileges. And the second is a WebKit flaw fix that stops maliciously crafted web content from being able to execute arbitrary code.

Apple says it is aware of reports stating both flaws have been actively exploited, so make sure to update your devices as soon as possible.

Some of my favorite gear

Apple Studio Display

Apple's beautiful 5K monitor that's perfect for your Mac.

Here are the fine details:

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

Some of my favorite gear

Apple home key Aqara Smart Lock

Upgrade your lock with Apple home key, HomeKit, and fingerprint smarts.

Description: An integer overflow was addressed with improved input validation.

CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Some of my favorite gear

AirPods Pro 2

Best wireless earphones with active noise-cancellation, great sound quality, and

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 256567
CVE-2023-32439: an anonymous researcher

FTC: We use income earning auto affiliate links. More.