If you own an iPhone or iPad, you should update your device to iOS 16.5 now after concerns of a significant security threat.
Apple released the iOS 16.5 update last week, highlighting security fixes for three zero-day vulnerabilities found within the WebKit browser engine. However, these vulnerabilities could be actively exploited, leading to worrying security concerns.
The security risks impact iPhone 8 and later, all iPad Pros, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Apple's support document says the specific vulnerabilities are:
- CVE-2023-32409 which could enable a remote attacker to break out of the Web Content security sandbox.
- CVE-2023-28204 which may disclose sensitive information when processing web content.
- CVE-2023-32373 which could lead to arbitrary code execution using maliciously crafted web content.
Huge security concerns
Forbes spoke to Sean Wright, the principal application security engineer at Featurespace. He said iOS 16.5 shows "another mixed bag of vulnerabilities, some with quite severe impacts if an attacker were able to successfully exploit them,"
"Chaining some of these vulnerabilities together could potentially allow an attacker to be able to remotely gain full control of a device"
Wright says the WebKit vulnerabilities are very worrying and urges everyone to update regularly to ensure their iOS devices are protected from potential security issues.
It's worth noting that while vulnerabilities should be a concern, you shouldn't worry too much about these vulnerabilities. As long as you update your device and remain vigilant, your iOS device should be protected against major threats.
Since the release of iOS 16.5, Apple has started seeding iOS 16.6 beta to developers, looking to keep improving security across iOS.
With WWDC around the corner on June 5, there will be hopes that Apple strengthens security across its operating systems to make sure that iOS 17 and iPadOS 17 are as stable and security-rich as possible.
