Apple releases important security patches for iOS, macOS and watchOS

Apple released iOS/iPadOS 16.5.1, macOS Ventura 13.4.1, and watchOS 9.5.2 interim updates that fixed a number of zero-day vulnerabilities. There are no new features in them, but Apple recommends that all users install them.

Since these vulnerabilities are also present in older versions of the system, they also received updates: these are the builds of iOS 15.7.7, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, watchOS 8.8.1 and iPadOS 15.7.7.

One of the closed vulnerabilities, dubbed CVE-2023-32434, discovered employees of Kaspersky Lab. It allows you to run arbitrary code with kernel access on iPhone 6s and newer. models and most tablets, including all iPad Pro plus iPad Air 2, iPad mini 4, iPad 5 and newer.

In parallel, two more WebKit vulnerabilities were closed. They allow you to run arbitrary code after processing certain web content. Thus, the CVE-2023-32435 vulnerability discovered by the same Kaspersky employees works on the iPhone 7 and older devices, and CVE-2023-32439 from anonymous researchers may work on current models.

Apple also confirmed that these vulnerabilities may have been actively exploited on iOS 15.7 and older, according to reports, but did not comment on the accuracy of these reports.

In parallel, the iOS 16.5.1 update fixes a bug where Lightning/USB 3 charging to connect the camera failed.