iOS 16.5 update alert for all iPhone and iPad users
According to Aetna and quoted from ForbesApple usually doesn’t go into too much detail when announcing security vulnerabilities fixed in each iOS update, but this time the smartphone giant has confirmed that three zero-day security threats are among the 39 that have been addressed in the latest iOS update. has it.
All of these security threats affect WebKit and users of iPhone 8 and later, all iPad Pro models, iPad Air 3rd generation and later, iPod 5th generation and later, and iPad mini 5th generation and later. A simple calculation shows that more than a billion users are at risk of these zero-day vulnerabilities unless they update to 16.5 as soon as possible.
Three WebKits were confirmed by Apple on zero day
The three vulnerabilities are all in the WebKit browser engine, and Apple has confirmed that it is “aware of a report that this flaw may be actively being exploited.”
Specifically, these include:
• CVE-2023-32409 which could enable a remote attacker to bypass the “web content” sandbox without issue.
• CVE-2023-28204, which could reveal sensitive information when processing web content.
• CVE-2023-32373 which could lead to arbitrary code execution using maliciously crafted web content.
The security expert warns that if an attacker successfully exploits these flaws, the effects will be severe.
According to Sean Wright, principal application security engineer at FeatureSpace, iOS 16.5 is “another set of vulnerabilities, some of which, if exploited by attackers, will have very severe effects.” “The chained use of some of these vulnerabilities could potentially allow an attacker to gain complete control of a device remotely,” Wright continued.
Of course, Wright believes that these vulnerabilities are mainly targeted at prominent people such as politicians, media and the like.