Apple patches zero-day vulnerabilities in iOS 16.6, macOS Ventura 13.5, and other products

Apple has released security updates for Apple iOS 16.6, macOS Ventura 13.5, macOS Monterey 12.6.8, Safari 16.6, Big Sur 11.7.9, and other products. In addition, multiple zero-day fixes were also addressed.

A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.

iOS 16.6 and iPadOS 16.6

The latest iOS 16.6 and iPadOS 16.6 security updaterReleased July 24, 2023, fixed 33 vulnerabilities, two zero-day vulnerabilities. One of the zero-days, a WebKit vulnerability CVE-2023-37450, could allow the processing of web content to lead to arbitrary code execution. Apple is aware of a report this issue may have been actively exploited.

The other zero-day, a Kernel vulnerability CVE-2023-38606, could allow a malicious app to modify sensitive kernel state.

“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.”

The update is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

macOS Ventura 13.5

Similar to iOS, Apple also fixed CVE-2023-37450 and CVE-2023-38606, along with 55 other vulnerabilities, in latest security update for macOS Ventura 13.5.

Apple warned these issues have known exploits in the wild.

Other CVEs

Finally, Apple released additional security updates for these products:

Readers can check out additional details by visiting Apple’s Security Updates page.

Related Articles