Apple has released software updates for iPhones and iPads that are light on features, but they are critically important from a security perspective. The updates — iOS 16.4.1 and iPadOS 16.4.1 — started rolling out on Friday, but you should install them on your iPhone and iPad as soon as possible to protect your devices from attacks.
In its official release note, Apple says the updates patch two security flaws that “may have been actively exploited.” Now, Apple doesn’t disclose security issues before conducting thorough research, both in-house and in collaboration with cybersecurity experts. In a nutshell, when Apple publicly announces a security flaw, and it comes with a “Critical Vulnerability” badge, you should grab the fix as soon as Apple makes them available.
Labeled CVE-2023-28206 and CVE-2023-28205, these security flaws have been patched with the latest updates. The former, which was flagged by a cybersecurity expert affiliated with Amnesty International, grants kernel privilege to a bad actor.
A vulnerability of this caliber is extremely dangerous, as it allows a hacker to run malicious code at the very fundamental level of an operating system to wreak havoc by exploiting root access, targeting weaknesses in code, and gaining varied levels of control over your device.
The second vulnerability, which is labeled CVE-2023-28205 and affects the WebKit engine that handles Apple’s web browser, could also allow remote code execution. This capability, once again, allows a malicious party to remotely run bad code on the target device for goals like stealing sensitive data.
Thankfully, Apple has finally released a fix for both the vulnerabilities, which affect the iPhone 8 (and models launched after it, like the iPhone 14.) and the third-gen iPad Air, fifth-gen iPad, and fifth-gen iPad mini, alongside their respective successors. For older iPhones and iPads, Apple released the iOS 15.7.5 and iPadOS 15.7.5 updates earlier today.
MacBook users should also take note, as Apple has released macOS 13.3.1 with fixes for the same vulnerabilities mentioned above.
In case you haven’t installed the iOS 16.4.1 and iPadOS 16.4.1 updates yet, you can do so by following this path: Settings > General > Software Update. However, the best way forward is to enable automatic updates on your iPhone or iPad. Here’s how you can do it:
- Open the Settings app
- On the Settings app’s home page, tap on General, followed by Software Update.
- The next page will show the status of Automatic Updates.
- If it is disabled, tap on it and enable the toggles that will make sure your phone downloads and also installs all the software updates automatically.
Now, what are you waiting for — go forth and update your iPhone, iPad, or MacBook!
