iOS 16.4.1 and macOS 13.3.1 address two security vulnerabilities

Software updates —

Apple addressed two issues that opened the door to arbitrary code execution.

Samuel Axon

Three iPhones on a wooden picnic bench, with prominent cameras visible

Enlarge / The backs of the iPhone 14, iPhone 14 Pro, and iPhone 14 Pro Max.

Samuel Axon

Apple has released bug fix and security updates for several of its operating systems, including iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1.

The iOS and iPadOS updates don’t add any new features. Their main purpose is to address two separate major security vulnerabilities, and the release notes include two big fixes.

Apple details the bug fixes as follows:

  • Pushing hands emoji does not show skin tone variations
  • Siri does not respond in some cases

Some users have been complaining vocally about the Siri bug, and Apple says it shouldn’t be a problem anymore. As for the security updates, Apple says both vulnerabilities opened the door to arbitrary code execution, and both have reportedly been actively exploited. The company’s security notes say:

IOSurfaceAccelerator

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.

The macOS update addresses the same security vulnerabilities, and it also fixes the same bug with skin tones in emojis. But it also fixes a bug that impacted the feature that allows you to unlock your Mac with your Apple Watch.

These updates come just 10 days after Apple released iOS 16.4 and macOS Ventura 13.3. Those major updates added new emojis, introduced expanded accessibility features, and fixed several bugs.

Apple is expected to release at least one more major update for iOS 16, dubbed iOS 16.5, before iOS 17 is introduced this fall. The company will detail the features coming to iOS 17 and macOS 14 at its Worldwide Developers Conference, which begins June 5.

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *