The new iOS, iPadOS and macOS Ventura patches from Friday fix two security issues, one of which appears to have been exploited.
Apple issues new security patches
The company issued updates for iOS 16.4.1 and macOS Ventura 13.3.1 on Friday. They fixed the Apple Watch auto-unlock feature on Mac and an issue with Siri responsiveness.
Next, as is typical with new Apple releases, the company also updated its webpage for security updates. The two releases contain the same security patches, as discovered by Clement Lecigne of Google's Threat Analysis Group and Donncha O Cearbhaill of Amnesty International's Security Lab.
Patches for iOS & macOS
Users can update their operating systems by going to Settings > General > Software Update on their iPhones and Macs.
IOSurfaceAccelerator
- Available for: macOS Ventura, iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
- Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved input validation.
- CVE-2023-28206: Clement Lecigne of Google's Threat Analysis Group and Donncha O Cearbhaill of Amnesty International's Security Lab.
WebKit
- Available for: macOS Ventura, iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use after free issue was addressed with improved memory management.
- CVE-2023-28205: Clement Lecigne of Google's Threat Analysis Group and Donncha O Cearbhaill of Amnesty International's Security Lab.