All attention might be on iOS 17 and macOS Sonoma, but Apple hasn’t stopped working on its current crop of operating systems. And if you’re not running the betas, you need to know that Apple just shipped a slew of updates to fix some critical security holes.
In all, Apple pushed 10 updates on Wednesday: iOS 16.5.1 and iPadOS 16.5.1; iOS 15.7.7 and iPadOS 15.7.7; macOS Ventura 13.4.1, macOS Monterey 12.6.7, and macOS Big Sur 11.7.8; Safari 16.5.1; and watchOS 9.5.2 and watchOS 8.8.1. That covers more than a decade of devices going back to 2013 and includes the iPhone 6s, Apple Watch Series 3, and the original 12-inch MacBook.
All of the OS updates fix the same vulnerability:
- Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
- Description: An integer overflow was addressed with improved input validation.
- CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
According to The Register and Hacker News, this update fixes the flaw exploited by the “Operation Triangulation” campaign that was able to use iMessage to deliver a “malicious attachment” that then transmitted sensitive information including audio recordings, photos, and geolocation data. The exploit, dubbed TriangleDB is known to have been exploited in versions of iOS earlier than 15.7, but the flaw can be found in all of Apple’s devices.
Additionally, the iOS, iPadOS, and macOS Ventura updates, as well as Safari 16.5.1 for Big Sur and Monterey, include a fix for a WebKit flaw that also may have been exploited:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A type confusion issue was addressed with improved checks.
CVE-2023-32439: an anonymous researcher (WebKit Bugzilla: 256567)
None of the updates include any other security patches. However, the iOS 16.5.1 release notes say it includes a fix for an issue that prevents charging with the Lightning to USB 3 Camera Adapter.