Apple released a series of small updates on Monday that might not seem like a big deal. There are no new features, a few minor fixes, and barely any release notes to speak of. But if you haven’t installed them on your devices, you should update them now.
The iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1 updates all include the same WebKit security update that fixes a zero-day flaw known to have been used to hack iPhones and Macs:
Webkit
- Impact: Processing maliciously crafted web content may lead to the execution of arbitrary code Apple is aware of a report that this issue may have been actively exploited.
- Description: A type confusion issue was addressed through improved checks.
- WebKit Bugs: 251944/CVE-2023-23529: an anonymous researcher
Apple has not released details on how the flaw was exploited. This is the first zero-day flaw patched this year.
The patch is for iPhone 8 and later, iPad Air (3rd generation) and later, iPad (5th generation) and later, and iPad mini (5th generation) and later, MacBook Pro (2017 and later), MacBook Air (2018 and later), MacBook (2017 and later), iMac (2017 and later), Mac mini (2018 and later), and Mac Studio. There’s also a Safari 16.3.1 for Macs running macOS Big Sur and Monterey.
Apple has also released updates for tvOS 16.3.2 and watchOS 9.3.1, but has yet to release CVE entries. It’s unclear if there’s an update for iOS 15 devices as well.
In addition to the WebKit fix, the iOS, iPadOS, and macOS updates also include a fix for a “use after release” issue that could allow an app to execute arbitrary code with kernel privileges.
To update your device, go to the Settings app on your iPhone or iPad, or System Settings on macOS Ventura Macs, then General And Software updatee. To update Safari on macOS Big Sur or Monterey, go to System Preferences then Software updateclick the box next to Safari 16.3.1 Update, then select Install now.
