Apple Released iOS/iPadOS/tvOS 16.5 and macOS 13.4

Apple released updates to its lineup of OS’s today. iOS, iPadOS and tvOS were updated to version 16.5, and macOS was updated to version 13.4.

The updates include patches to three actively exploited vulnerabilities, two of which were fixed in the Rapid Security Response updates released on May 1. The new vulnerability, tracked as CVE-2023-32409, exists in the WebKit browser engine used in Safari, and allows attackers to escape the Web Content sandbox.

Why Should You Care?

When a vulnerability is being “actively exploited”, it means hackers have already been looking for and attacking devices that have the vulnerability, which makes the risk very high for a successful attack. Once an attack is successful, the hackers will continue to attack until they get what they want. Since the newly announced vulnerability is a sandbox escape, it bypasses a security protection that Apple has built into their OS’s, and makes the OS much more vulnerable to further attacks.

What Should You Do?

Test the OS versions released today for any bugs and compatibility issues, then update on your own devices and your organization’s devices as soon as possible to mitigate these three vulnerabilities.

References

• https://www.bleepingcomputer.com/news/apple/apple-fixes-three-new-zero-days-exploited-to-hack-iphones-macs/