Apple just issued a short, sharp series of security fixes for Macs, iPhones and iPads.
The following list of devices has reportedly had the issues fixed, according to the tech giant:
- iPhone 6s (all models)
- iPhone 7 (all models)
- iPhone SE (1st generation)
- iPad Air 2
- iPad mini (4th generation)
- iPod touch (7th generation)
- Macs running macOS Monterey and Big Sur
Two Security bugs are :
- CVE-2023-28205: A security hole in WebKit, whereby merely visiting a booby-trapped website could give cybercriminals control over your browser, or indeed any app that uses WebKit to render and display HTML content.To exploit it, a hacker would need to trick unsuspecting users into loading a malicious web page that could be used to execute code on their devices.
- CVE-2023-28206: A bug in Apple’s IOSurfaceAccelerator display code. This bug allows a booby-trapped local app to inject its own rogue code right into the operating system kernel itself.
Both of these zero-day vulnerabilities have now been fixed with the release of iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1 and Safari 16.4.1. However, you will still need to download and install these updates yourself.
After fixing these zero-day flaws in its newer devices, Apple has also now backported these patches to the iPhone 6s, iPhone 7, iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen), iPod touch (7th gen) and Macs still running macOS Big Sur 11.7.5.