If you happen to be an iPhone user and are reading this, you need to update to iOS 16.4.1 ASAP! Even Apple is giving you the heads up to do so, so you know it’s serious.
So why the sudden urgency? Well, as we speak, not one but two security vulnerabilities are being exploited. And it’s not just iPhones, we’re talking iPads and MacBooks too.
Yea, everything. But we’ll get to the specifics in a bit.
Because of the sensitive nature of the vulnerabilities, Apple isn’t disclosing much, but suffice it to say you don’t want to take any chances.
What we know
According to Apple’s Support Page, each vulnerability is tracked and documented as CVE-2023-28205 and CVE-2023-28206.
The first vulnerability involves the WebKit browser engine that powers Apple apps, including Web browser Safari, Mail and the App Store.
It allows hackers to insert code on a device when the user browses malicious Web content, to insert malware or spyware, or execute malicious operating system commands.
Meanwhile, hackers could use malicious apps to exploit the second vulnerability, to execute code or commands without the owner’s knowledge, while also having the greatest degree of control over a particular device.
Here’s a deeper dive:
CVE-2023-28206
- Devices impacted: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Impact: “An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”
- Our take: The security flaw could allow an app to run code with kernel privileges and a high level of access that could let the app take control of the device and perform malicious actions.
CVE-2023-28205
- Devices Impacted: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Impact: “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
- Our Take: If you visit a website that has been set up by a hacker, your device may be vulnerable to an attack. This is because the website could have malicious code that can take control of your device and perform harmful actions.
Apple has received a report that this issue may have been actively exploited, meaning someone might have already used this security flaw to harm some devices.
Thankfully, iOS 16.4.1 patches both of these issues, hence the urgency to update your devices immediately.
Affected devices
Devices affected are the iPhone 8 and later models, all iPad Pro models, the iPad Air (third generation and later), iPad and iPad mini (fifth generation and later), and Macs running macOS Ventura.
How to update to iOS 16.4.1 on your iPhone
To update to the latest iOS follow the following steps:
- Open the Settings app on your iPhone
- Then, tap on General
- Tap on Software Update
- Tap on Download and Install
- Tap on Install and wait for your iPhone to finish updating and reboot itself.
How to update your iPad
Steps to update your iPad are somewhat similar to those of the iPhone:
- Open the Settings app on your iPad
- Tap on General
- Then, tap on Software Update
- Tap on Download and Install
- You may be asked to remove apps because the update needs more space temporarily.
- Tap on Continue. iOS will reinstall those apps after the update is finished.
- Tap on Install once the update has been downloaded
The latest iOS update patches these two vulnerabilities, so please go update your Apple devises, okay?
