card

Apple patch fixes two actively exploited security issues for iPhones, iPads, and MacBooks

27.04.2023
393

Apple releases an update which contains patches for two security issues believed to have been actively exploited in the wild. iOS 16.4.4, iPad OS 16.4.1 and macOS Ventura 13.3.1 updates contain patches for the two discovered vulnerabilities. These actively exploited security threats are:

CVE-2023-28206, known as IOSurfaceAccelerator, was discovered by Clement Lecigne of Google Threat Analyst Group and Donncha O Cearbhaill of Amnesty International’s Security Lab. The vulnerability could allow an app to execute arbitrary code with kernel privileges.

Apple addressed the out-of-bounds write issue with improved input validation.
The patch is available for download for iPhone 8 and later, all iPad Pro models, iPad Air 3rd generation and later, and iPad mini 5th generation and later.

CVE-2023-28205, also discovered by Clement Lecigne of Google Threat Analyst Group and Donncha O Cearbhaill of Amnesty International’s Security Lab. is a WebKit vulnerability capable of processing maliciously crafted web content leading to arbitrary code execution.

Apple fixed the issue with improved memory management and made it available for download for iPhone 8 and later, all iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

To update your iPhone or iPad to iOS/iPad OS 16.4.1:

  • open Settings
  • select General
  • tap on Software Update
  • select Download and Install.
    Similarly, if you want to update your MacBook to MacOS Ventura 13.3.1:
  • click on the Apple Menu in the upper left corner of your status bar
  • select System Preference
  • click Software Update.

It will be a good idea to install them as soon as you can because all three updates include important security fixes to keep your device secure and protected from threat actors.