Apple on Thursday released the first update to iOS 17, bringing bug fixes and security updates just days after the major update arrived on iPhones. If you’re not running iOS 17 yet (or can’t), there’s also an update for iOS 16.
Arriving two weeks after the last minor update, iOS 16.7 and iPadOS 16.7 bring “important bug fixes and security updates” and are “recommended for all users.” Most notably, the update patches three zero-day vulnerabilities that may have been exploited:
Kernel
- Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
- Description: The issue was addressed with improved checks.
- CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
Security
- Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
- Description: A certificate validation issue was addressed.
- CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
WebKit
- Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
- Description: The issue was addressed with improved checks.
- CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
iOS 16.7 is likely to be the last iOS 16 release with a new minor version number, with future updates likely numbered 16.7.1, 16.7.2, and so on. Apple will continue to fix bugs and security holes for the next year and deliver occasional security updates after that, but won’t add any new features to iOS 16.