What just happened? Apple has released updates for iOS 16.5.1, iPadOS 16.5.1, and macOS Ventura 13.4.1 this week, addressing several critical zero-day vulnerabilities in the kernel and Webkit. The kernel-level bug, known as CVE-2023-32434, could potentially allow apps to run arbitrary code with kernel privileges. The WebKit bug, tagged as CVE-2023-32439, enables the execution of arbitrary code when processing malicious web content. The company says both bugs may have been actively exploited in the wild.
The updates are available for a slew of iPhones and iPads, including iPhone 8 and later, iPad Pro (all models), iPad Air 3rd-generation and later, iPad 5th-generation and later, and iPad mini 5th-generation and later. The update is also available for devices running macOS Ventura and addresses the same vulnerabilities related to the kernel and WebKit. Additionally, this update rectifies a non-security related bug which prevented charging via the Lightning to USB 3 Camera Adapter.
Apple also released critical security updates for some of its older operating systems, including iOS and iPadOS 15, as well as macOS 12 Monterey and macOS 11 Big Sur. The incoming updates (iOS 15.7.7, iPadOS 15.7.7, macOS 11.7.8 and 12.6.7) fix the same kernel-level flaw as described above. This is the only update available for the older systems as they are not affected by the WebKit vulnerability.
The devices eligible to get the incoming iOS and iPadOS 15.7.7 updates include iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st-generation), iPad Air 2, iPad mini (4th-generation), and iPod touch (7th-generation). On the macOS side, the updates are available for all devices running macOS Big Sur and Monterey.
Apple also rolled out updates for watchOS 8 and watchOS 9 with a fix for the kernel bug. In the first case, the watchOS 8.8.1 update is available for the Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE, while in the second case, the watchOS 9.5.2 update has been rolled out for Watch Series 4 and later models.
Apple has corrected a total of nine zero-day vulnerabilities across its product range this year, some of which were potentially being exploited. Due to the severity of these latest bugs, and evidence of active exploitation, it is strongly advised that users promptly install these updates on their devices.