All the attention might be on iOS 17 and macOS Sonoma, but Apple hasn’t stopped working on its current lineup of operating systems. And if you’re not running the betas, you should know that Apple just released a series of updates to fix some critical security vulnerabilities.
In total, Apple released eight updates on Wednesday: iOS 16.5.1 and iPadOS 16.5.1; iOS 15.7.7 and iPadOS 15.7.7; macOS Ventura 13.4.1, macOS Monterey 12.6.7 and macOS Big Sur 11.7.8; and watchOS 9.5.2 and watchOS 8.8.1. This covers over a decade of devices dating back to 2013 and includes the iPhone 6s, Apple Watch Series 3, and the original 12-inch MacBook. All updates fix the same vulnerability:
Core
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
- Description: An integer overflow has been resolved with better input validation.
- CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_) and Boris Larin (@oct0xor) from Kaspersky
According to The Register, this update fixes a flaw exploited by the “Operation Triangulation” campaign that was able to use iMessage to deliver a “malicious attachment” transmitting sensitive information including audio recordings, photos and geolocation data. The exploit is known to have been exploited in iOS versions earlier than 15.7, but the flaw can be found in all Apple devices.
Additionally, the iOS, iPadOS, and macOS Ventura updates include a fix for a WebKit flaw that may also have been exploited:
Webkit
- Impact: Processing maliciously crafted web content may lead to the execution of arbitrary code. Apple is aware of a report that this issue may have been actively exploited.
- Description: A type confusion issue has been resolved with improved checks.
CVE-2023-32439: an anonymous researcher (Bugzilla WebKit: 256567)
None of the updates include other security fixes. However, the iOS 16.5.1 release notes say it includes a fix for an issue that prevents charging with the Lightning to USB 3 Camera Adapter.
