
MacRumors

macrumors bot
Original poster
Apr 12, 2001


The iOS 16.5, iPadOS 16.5, and macOS 13.4 updates that Apple released today address vulnerabilities that are known to have been exploited by bad actors, which means it is important to update to the new operating systems as soon as you can.


According to Apple's security support documents for iOS and macOS, the updates fix three WebKit vulnerabilities. Two of these issues were addressed in the prior iOS 16.4.1 and macOS 13.3.1 Rapid Security Response updates and are not an issue if you updated, but a third vulnerability is still active until you install the latest updates.

The WebKit security flaw could allow an attacker to break out of the Web Content sandbox, an issue that Apple fixed with improved bounds checks. Apple says that it is aware of a report that this issue may have been actively exploited.

The other two WebKit vulnerabilities were related to processing maliciously crafted web content that could allow for the disclosure of sensitive information or arbitrary code execution.

Article Link: PSA: Make Sure to Update, iOS 16.5, iPadOS 16.5, and macOS 13.4 Address These Three Actively Exploited Vulnerabilities
 
How bad is it really for the average user? How dangerous is this kind of flaw, and how likely is it that you encounter a website that uses the exploit?
Yes, I'd like to know this as well. MacRumors have been posting a lot of these PSAs lately. But in the grand scheme of things, how risky is it really without the patch? And compared to other updates.
 
So the rapid security update did contain fixes after all. Since the security webpage wasn’t updated after it was released, I figured it must have been a large scale test release.
 
Isn't it funny how the more macOS gets more and more locked down (sorry, tamper proof) in the name of security, the more vulnerabilities crop up that are being exploited in the wild months before a patch comes out?
 
I guess our Macs that need to run bespoke x86 32-bit applications written years ago (and so are still on Mojave) will just get more and more vulnerable. At some point someone will find the funds to get the code rewritten for Linux and we'll be able to move on from macOS for research applications and just keep a few around for compatibility testing, fish tanks etc.
 
Isn't it funny how the more macOS gets more and more locked down (sorry, tamper proof) in the name of security, the more vulnerabilities crop up that are being exploited in the wild months before a patch comes out?
I'm not sure a correlation can be made.

If anything, I'd say that Macs gaining market share is the reason for such exploits being discovered and new malware created.
 
I guess our Macs that need to run bespoke x86 32-bit applications written years ago (and so are still on Mojave) will just get more and more vulnerable. At some point someone will find the funds to get the code rewritten for Linux and we'll be able to move on from macOS for research applications and just keep a few around for compatibility testing, fish tanks etc.
How about OCLP?
 
Take note how these vulnerabilities, which actually work WITHOUT physical access to the device, were not reported by “security researchers” like those that want to sound the alarm for exploits that require the attacker to have physical access to the device. OR require the user to provide admin rights to an attacking application.
 
Updates are also available for Big Sur and Monterey.
I’m glad my Big Sur Mac is still getting updates. It’s likely one of the last few.
 