Apple issues iOS security update for vulnerable iPhones
- By Web Desk -
- Apr 11, 2023
Apple has issued an urgent security update for vulnerable iPhone devices and deployed iOS 16.4.1 to all compatible handsets including iPhone 8 and newer models.
Two vulnerabilities of iPhone handsets using iOS 16.4 – which was released at the end of the last month – were fixed in the latest update, MSN reported.
Apple has released macOS Ventura 13.3.1 and iPadOS 16.4.1 updates as the vulnerabilities were also apparent in the older versions of Mac and iPad software, allowing hackers to infiltrate the device and ‘execute arbitrary code’, according to Apple.
READ: TRY GALAXY: SAMSUNG’S NEW APP TURNS IPHONE INTO GALAXY S23
VULNERABLE DEVICES
- iPhone 8 and newer
- iPad Pro (all models)
- iPad Air 3rd generation and newer
- iPad 5th generation and newer
- iPad mini 5th generation and newer
- Macs running macOS Ventura (all)
The code could give hackers access to private data and let them gain control over the device’s functionality and allow them to install malware. It could even allow them to gain control of other devices connected to the network, or internet, that the original was connected to.
The vulnerabilities, dubbed CVE-2023-28206 and CVE-2023-28205, are what’s known as ‘zero-day’ flaws, which means they were unknown to Apple when the software was deployed.
READ: APPLE RELEASES IOS 15.5 AND IPADOS 15.5 SECURITY UPDATES
It also means that devices running that software were vulnerable to attack, because the tech giant had not released a patch or security update to fix it.
Apple said that it is aware that both CVE-2023-28206 and CVE-2023-28205 ‘may have been actively exploited’ prior to the release of iOS 16.4.1, macOS Ventura 13.3.1 and iPadOS 16.4.1.
CVE-2023-28206 was an ‘out-of-bounds write issue’ within the IOSurfaceAccelerator, a part of the software which manages pixel data.
This means part of the memory was storing too much data, and so started storing it in the wrong place, which can cause problems.
CVE-2023-28205 was a ‘use after free issue’ within the WebKit web browser engine.
This means that that a program is trying to use or access something it once stored in memory, but has already been freed.
HOW TO UPDATE
The flaws were discovered by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab.
According to BleepingComputer, these research groups are usually used by Apple to look for government-sponsored threat actors.
Therefore these were only likely to be exploited in the case of ‘highly targeted attacks’ of politicians, journalists and high-risk individuals.
Both these issues are addressed with the iOS 16.4.1 update, as well as bugs which caused Siri not to respond to commands and prevented the skin tone variation options for the pushing hands emoji.
The last software update, iOS 16.4, came with a range of new features, including the addition of 21 new emoji to the keyboard.
This includes the highly anticipated pink heart icon, as well as a shaking face (‘I’m shook’), a moose, stem ginger, the Wi-Fi symbol and a pair of maracas.
Apple software updates are not always plain sailing, which explains why some are reluctant to initiate them when offered.
Some of those who have updated to iOS 16.4 complained that that a system bug is rapidly draining their device’s battery life.
Last week, iPhone users across the world could not access live forecasts on the Apple Weather app, which some also linked to their new operating system.
Is YOUR iPhone affected? Apple is cutting support for several services
If you’re the proud owner of a retro iPhone that’s over ten years old, you may soon be forced to splash out on an upgrade.
That’s because Apple is cutting support for several online services, like the App Store, Siri and Maps, on devices running an operating system from iOS 11 to iOS 11.2.6.
So if you own a handset which can’t upgrade to iOS 11.3 at the very least, it will be rendered largely defunct from May 2023.
Although Apple is known to stop providing bug and security updates to older operating systems, this will mark the first time it has actively reduced their functionality.