Apple released operating system updates this week that fix two zero-day vulnerabilities in older iPhones, iPads and Macs, following last week’s security updates for newer products.
Last Friday, Apple released the iOS and iPadOS 16.4.1 and macOS Ventura 13.3.1 updates, addressing two major vulnerabilities that have been exploited. The first, CVE-2023-28205, is a use-after-free vulnerability in WebKit. Attackers can set up malicious webpages and lure users into visiting them, causing malicious code to be executed on the victim’s device. The second, CVE-2023-28206, is an out-of-bounds write vulnerability in IOSurfaceAccelerator that can allow a malicious application to execute arbitrary code on the victim's device with kernel privileges.
Last week, Apple only patched newer devices, including iPhone 8 and above, iPad Pro (all models), iPad Air 3 and above, iPad 5 and above, iPad mini 5 and above, and computers running macOS 13 Ventura. On Monday, Apple released another operating system update to fix older products. iOS / iPadOS 15.7.5 resolves the issues on older devices, including iPhone 6S, 7, SE and iPad Air 2, iPad mini 4 and iPod touch 7.
The macOS updates include macOS Big Sur 11.7.6 and Monterey 12.6.5.
This time, Apple released the two batches of software updates only one weekend apart, which is much faster than for the previous zero-day fix. Apple also patched the WebKit arbitrary code execution vulnerability CVE-2023-23529 in February. At that time, Apple only patched the iPhone 8, iPad 5 and macOS Ventura systems. It was not until a month later, at the end of March, that Apple resolved the same vulnerability in older iPhones, iPads and Macs.