Apple has released iOS 16.4.1 and iPadOS 16.4.1, a security update that fixes two critical vulnerabilities that hackers may have actively exploited.
The first vulnerability is CVE-2023-28206, which affects the IOSurfaceAccelerator component of iOS and iPadOS. This component is responsible for accelerating graphics operations on the device. According to Apple, an app may be able to execute arbitrary code with kernel privileges by exploiting this vulnerability. This means an attacker could gain complete control over your device and access your data, settings, and apps.
The second vulnerability is CVE-2023-28205, which affects the WebKit engine of iOS and iPadOS. This engine is used by Safari and other apps to render web content. According to Apple, processing maliciously crafted web content may lead to arbitrary code execution by exploiting this vulnerability. An attacker could run malicious code on your device by tricking you into visiting a compromised website or opening a malicious link.
Apple is aware of a report that hackers may have actively exploited both vulnerabilities. This means there may be existing malware or exploits that target these vulnerabilities in the wild. Apple did not provide details on who may be behind these attacks or how widespread they are.
To protect yourself from these vulnerabilities, you should update your devices to iOS 16.4.1 and iPadOS 16.4.1 as soon as possible.
You can do this by going to
Settings > General > Software Update and tap Download and Install.
Alternatively, you can connect your device to a computer and use iTunes or Finder to update it.
Updating your devices will also protect you from other security issues that Apple has fixed in previous updates. You can find more information about the security content of iOS 16.4.1 and iPadOS 16.4.1 on Apple’s support website: https://support.apple.com/en-us/HT213720