Last night, Apple released iOS 17 beta 2, but also iOS 16.5.1, available for all devices that can install iOS 16. This minor update of iOS 16.5 (the first) fixes various bugs, but also, and above all,two major security flaws.
Here are the English version notes published by Apple on this subject:
Kernel
- Impact:An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
- Description:An integer overflow was addressed with improved input validation.
- CVE-2023-32434:Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
WebKit
- Impact:Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description:A type confusion issue was addressed with improved checks.
- CVE-2023-32439:an anonymous researcher
The two flaws addressed by the update could until now allowexecuting malicious code at a high privilege leveland therefore potentially seriously affect an iPhone or an iPad (this also concerns the Mac by the way).
With iOS 16.5.1, these flaws are part of ancient history. And for iPhones and iPads that cannot install iOS 16 or iPadOS 16, and therefore this 16.5.1 update, Apple has planned this. These can installiOS 15.7.7 and iPadOS 15.7.7to take advantage of the same two security fixes.
For Macs, you have to switch tomacOS 13.4.1also released yesterday to receive the new protections (or macOS Big Sur 11.7.8 or macOS Monterey 12.6.7 for older Macs). Finally,watchOS 9.5.2completes the quartet of freshly deployed Apple updates and refines watchOS 9, just like watchOS 8.8.1 for watches limited to watchOS 8.
i-nfo.fr - Official iPhon.fr app
By : Keleops AG
Editor-in-chief for iPhon.fr. Pierre is like Indiana Jones, looking for the lost iOS trick. Also a long-time Mac user, Apple devices hold no secrets for him. Contact: pierre[a]iphon.fr.
