Apple patched actively exploited iMessage bug in latest updates
Wesley HilliardiMessage vulnerability patched
Don't hold off too long on updating to iOS 16.5.1 and the other new public releases, as Apple has patched multiple security issues that were actively exploited.
Apple released iOS 16.5.1, iPadOS 16.5.1, macOS Ventura 13.4.1, and watchOS 9.5.2 on Wednesday. These are small point updates but contain critical security patches.
According to Apple's security update page, two patches were made across all of the operating systems that address known exploits. One was reported previously by Kaspersky, which was credited by Apple's patch notes.
The iMessage exploit was covered by CVE-2023-32434 and described as an exploit capable of executing arbitrary code with kernel privileges. Apple acknowledged that the issue may have been exploited in versions of iOS prior to version 15.7.
A second patch was made for WebKit, covered by CVE-2023-32439. Bad actors could cause maliciously crafted web content to execute arbitrary code. Apple also states this could have been actively exploited.
Apple urges users to install the new updates as soon as it is reasonable to address these security concerns. Most people will likely have automatic updates turned on, but users that want to install the update now can navigate to Settings, General.
Mike Wuerthele
Malcolm Owen
Chip Loder
William Gallagher
Christine McKee
Michael Stroup
William Gallagher and Mike Wuerthele
