Apple has released a minor operating system update in the form of iOS 16.5.1 and iPadOS 16.5.1. As is typical with an x.x.1 point release, the list of changes is very small. The release notes consist of two sentences:
This update provides important security fixes and is recommended for all users. It also fixes an issue that prevents charging with the Lightning to USB 3 Camera Adapter.
That second bit is good news for people who rely on the Lightning to USB 3 Camera Adapter (and charge while using it), but it’s the first sentence that matters most here. The two security updates in this release are substantial:
Kernel
- Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
- Description: An integer overflow was addressed with improved input validation.
- CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
WebKit
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A type confusion issue was addressed with improved checks.
- CVE-2023-32439: an anonymous researcher
Apple says it is aware of a report that both of these flaws may have been actively exploited (though the kernel one is specifically against versions of iOS released before iOS 15.7). That’s bad news, and you should get the fix right away.
For those with iPhones that are too old to run iOS 16 (older than iPhone 8) or iPads that are too old to run iPadOS 16 (older than 3rd gen iPad Air or 5th gen iPad), Apple has released iOS and iPadOS 15.7.7 to address the same security flaws.
To get the update, open the Settings app, tap General, then Software Update. Then tap Download and Install and follow the prompts.