Skip to main content

iOS 16.5 patches 39 security flaws, 3 actively exploited

Included with iOS 16.5 comes a variety of important security fixes. There are 39 vulnerabilities addressed in the latest iOS update and Apple notes that three of them were reported as actively exploited.

Apple shared the latest vulnerability fixes on its security updates page. While iOS had the most at 39, macOS with Safari 16.5, watchOS 9.5, and tvOS 16.5 also include important security updates.

So even though there aren’t a lot of new features with the latest updates, they’re important to install.

For iOS, the security updates include patches for everything from kernel to CoreServices, Photos to Sandbox, Siri and Shortcuts, and System Settings to Weather, WiFi, and WebKit.

Here are the three WebKit security patches that fix what are believed to be actively exploited flaws:

Note: fixes for the second and third flaws were first made available with Rapid Security Response with iOS 16.4.1(a) on May 1.

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.

Description: The issue was addressed with improved bounds checks.

WebKit Bugzilla: 255350
CVE-2023-32409: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds read was addressed with improved input validation.

WebKit Bugzilla: 254930
CVE-2023-28204: an anonymous researcher

This issue was first addressed in Rapid Security Response iOS 16.4.1 (a) and iPadOS 16.4.1 (a).

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 254840
CVE-2023-32373: an anonymous researcher

This issue was first addressed in Rapid Security Response iOS 16.4.1 (a) and iPadOS 16.4.1 (a).

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.