blog posts

Fixed Two Security Flaws In The New iOS Update

Fixed Two Security Flaws In The New iOS Update

With The Release Of iOS 16.5.1 And Later Versions Today, Apple Has Provided Fixes To Fix Two iOS Security Flaws.

These updates have been released for devices that use the latest version of the public software, as well as devices that use older versions. Significantly, Apple has heard that the flaws are being actively exploited.

The main user-related feature in iOS 16.5.1 is a bug fix in the Lightning to USB camera adapter.

But for almost all Apple devices, including iPhone 6s and later, modern iPads and Macs, and even Apple smartwatches, two important security fixes come with the latest updates.

The first is fixing a flaw that allowed arbitrary code execution with kernel privileges. And the second is a modification to WebKit that prevents maliciously designed web content from executing arbitrary code.

Apple says it’s aware of reports that both flaws are being actively exploited, so be sure to update your devices.

Here are the exact details:

Kernel _

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later.

Impact: This capability in an application may lead to arbitrary code execution with kernel privileges. Apple is aware of a report that states that this problem may be actively exploited on iOS versions released before iOS 15.7.

Description: An integer overflow was addressed with improved input validation.

CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

 

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report stating that this issue may have been actively exploited.

Description: Fixed an issue with improved checks.