Hackers Exploiting Two New Zero-Days in iOS 16 and macOS Ventura - Patch Now!

Apple has issued out-of-band updates for iOS and macOS to address two newly discovered security flaws that criminals are said to be exploiting in the wild.

Two weeks after patching ‘actively exploited’ vulnerabilities in older iPhone models, Apple is now rolling out more security updates, this time to patch newer iterations against freshly discovered bugs - including on the desktop front.

iOS 16.4.1, available for all iPhone models past iPhone 8, addresses an out-of-bounds write issue in IOSurfaceAccelerator with improved input validation. The bug, tracked as CVE-2023-28206, also affects iPad models beginning with the third-gen version of Apple’s tablet computer. The designated patch for iPads is available in iPadOS 16.4.1.

“Apple is aware of a report that this issue may have been actively exploited,” the tech giant warns.

A second flaw addressed in this release, tracked as CVE-2023-28205, affects the same device models and is described as a WebKit flaw where “Processing maliciously crafted web content may lead to arbitrary code execution.”

In other words, a threat actor can run their code of choice on a compromised device, including malware.

As with the previous vulnerability, threat actors are believed to be actively exploiting the bug in targeted attacks.

The WebKit bug is also patched on the desktop front, in macOS Ventura 13.3.1. Those who wish to address the security issue and postpone an OS update can rid their Mac of this hazard by updating their Safari browser to version 16.4.1