Apple has released security updates for Apple iOS 16.5.1, macOS Ventura 13.4.1, macOS Monterey 12.6.7, Safari 16.5.1, Big Sur 11.7.8, and other products. In addition, multiple zero-day fixes were also addressed.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
iOS 16.5.1 and iPadOS 16.5.1
The latest iOS 16.5.1 and iPadOS 16.5.1 security update fixed two zero-day vulnerabilities. One of those, a Kernel vulnerability CVE-2023-32434, could allow a malicious app to execute arbitrary code with kernel privileges. The other zero-day CVE-2023-32439 affects WebKit.
Apple is aware of a report that each of these vulnerabilities may have been actively exploited.
The update is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
iOS 15.7.7 and iPadOS 15.7.7
Apple also addressed the same Kernel and WebKit zero-day vulnerabilities (CVE-2023-32434 and CVE-2023-32439) in iOS 15.7.7 and iPadOS 15.7.7.
Moreover, the older iOS updates also fixed second Kernel zero-day issue CVE-2023-32435 that may have been actively exploited against versions of iOS released before iOS 15.7.
The update is available for older iPhones: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
macOS Ventura 13.4.1
Similar to iOS, Apple also fixed CVE-2023-32434 and CVE-2023-32439 in latest security update for macOS Ventura 13.4.1.
Apple warned these issues have known exploits in the wild.
Finally, Apple released additional security updates for these products:
- Safari 16.5.1 (macOS Big Sur and macOS Monterey)
- macOS Monterey 12.6.7
- macOS Big Sur 11.7.8
- watchOS 9.5.2
- watchOS 8.8.1.
Readers can check out additional details by visiting Apple’s Security Updates page.