Apple on Monday released a flurry of small “point” updates that might not seem very important. There are no new features, a few minor fixes for iPhone users, and barely any release notes. But if you haven’t installed them on your devices, you should go update them right now.
The iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1 updates all include the same WebKit security update that patches a zero-day flaw known to have been used to hack iPhones and Macs:
WebKit
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A type confusion issue was addressed with improved checks.
- WebKit Bugzilla: 251944/CVE-2023-23529: an anonymous researcher
Apple hasn’t released specifics about how the flaw may have been exploited. It’s the first zero-day flaw, which is defined as a recently discovered security vulnerability, that Apple has fixed this year.
The patch is for iPhone 8 and later, iPad Air (3rd gen) and later, iPad (5th gen) and later, and iPad mini (5th gen) and later, MacBook Pro (2017 and later), MacBook Air (2018 and later), MacBook (2017 and later), iMac (2017 and later), Mac mini (2018 and later), and Mac Studio. There’s also a new 16.3.1 version of Safari for Macs running macOS Big Sur and Monterey.
Apple also released updates for tvOS 16.3.2 and watchOS 9.3.1, but hasn’t yet published the CVE entries. It’s not clear whether there’s an update to fix the flaw coming for iOS 15 devices this week as well. Apple keeps the next oldest operating systems patched for a year or so after devices are no longer compatible with the newest version, such as the iPhone 7, but they don’t arrive as regularly.
In addition to the WebKit patch, the iOS, iPadOS, and macOS updates also include a fix for a “use after free” issue that could allow an app to execute arbitrary code with kernel privileges.
To update your device, go to the Settings app on your iPhone or iPad, or System Settings on macOS Ventura Macs, then General and Software Update. To update Safari on macOS Big Sur or Monterey, go to System Preferences then Software Update, click the box next to the Safari 16.3.1 update, and then select Install Now.
Discussion about this post