Apple releases iOS 16.4.1 and macOS 13.3.1 with zero-day bug fixes

Spread the love

Apple has released iOS 16.4.1 and macOS 13.3.1. The updates address the same two zero-day vulnerabilities. According to Apple, they were both actively exploited and enabled remote arbitrary code execution on the devices.

The vulnerabilities were located in IOSurfaceAccelerator and WebKit and are named CVE-2023-28206 and CVE-2023-28205 respectively. The former concerns an out-of-bounds write bug in the operating system kernel. This allowed a malicious app to execute arbitrary code with kernel privileges, Apple writes.

Due to the second vulnerability, visiting malicious web content, such as websites or advertisements, could cause arbitrary code to be executed on the device. Apple also releases little detailed information about the bugs.

In addition to the zero-day vulnerabilities, the updates fix a number of minor bugs. Both the iOS and macOS update fix a bug that prevented an emoji’s skin color variations from being shown. Also, the iOS update should fix Siri not responding in some cases. Finally, an issue would have been fixed that caused unlocking the iMac with an Apple Watch to not work properly in a number of cases.

You might also like