Apple released iOS 16.4.1 on April 7, about two weeks after the firm released its previous update to the operating system. The update was deployed to fix vulnerabilities that could be actively exploited.
“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page,” Apple states on its website.
“Apple’s own Safari browser uses WebKit, making it directly vulnerable to WebKit bugs,” it said. “Additionally, Apple’s App Store rules mean that all browsers on iPhones and iPads must use WebKit, making this sort of bug a truly cross-browser problem for mobile Apple devices.”
The second bug, CVE-2023-28206, involves a security hole in IOSurfaceAccelerator that can allow an app to execute code with kernel privileges, meaning an attacker can target the core of iOS on a device that isn’t patched.
“This bug allows a booby-trapped local app to inject its own rogue code right into the operating system kernel itself. Kernel code execution bugs are inevitably much more serious than app-level bugs, because the kernel is responsible for managing the security of the entire system, including what permissions apps can acquire, and how freely apps can share files and data between themselves,” Sophos wrote.
In each of the two cases, Apple stated on its website that it was “aware of a report that this issue may have been actively exploited.” Users should update their iPhones, iPads, MacBooks, and other Apple devices that use iOS 16.4 as soon as possible, Sophos and other security researchers say.
“You may already have been offered the update by Apple; if you haven’t been, or you were offered it but turned it down for the time being, we suggest forcing an update check as soon as you can,” Sophos said.
Consumers can manually update to the latest version on their iPhones or iPads by going to Settings, General, and Software Update. Then, they should click Download and Install, follow the prompts, and wait for the phone to restart.
Other Updates
iOS 16.4 and now iOS 16.4.1 run on the iPhone 8 and later, according to Apple’s website. Apple also released iOS 15.7.4 for older iPhones last month. About a week ago, on Monday, Apple released its iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, Safari 16.4, Studio Display Firmware Update 16.4, watchOS 9.4, tvOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, and macOS Ventura 13.3 updates. The update covers all models of iPhone 6s, iPhone 7s, the first generation iPhone SE, iPad Air 2, later iPad Minis, and the seventh generation iPod touch.