iOS 16.4.1 and macOS 13.3.1 plug security holes exploited by hackers

Apple today released iOS 16.4.1 on iPhone, iPadOS 16.4.1 on iPad, and macOS 13.3.1 on Mac with fixes. It turns out that the updates also plug security holes already exploited by hackers.

Whether on iOS 16.4.1 Or macOS 13.3.1, the two security vulnerabilities exploited by hackers are the same. The first has the reference CVE-2023-28206 and concerns IOSurfaceAccelerator. Apple explains that an application may be able to execute arbitrary code with kernel privileges. Fixed an out-of-bounds write issue with improved input validation.

The second flaw has the reference CVE-2023-28205 and affects WebKit, the rendering engine of Safari (and other Internet browsers on iOS). Processing maliciously crafted web content may lead to the execution of arbitrary code. Fixed a use-after-free issue with better memory management.

In the cases, the flaws were discovered by Clément Lecigne of the Threat Analysis team at Google and Donncha Ó Cearbhaill of Amnesty International’s Security Lab.

It is therefore advisable to update your devices now. macOS 13.3.1 fixes a bug where the Pushing Hands Emoji weren’t available in different skin colors, and another bug where auto-unlocking your Mac with the Apple Watch might not work. For iOS 16.4.1, there is also the fix for Emojis and another where Siri did not respond to commands.