Apple patch fixes two actively exploited security issues for iPhones, iPads, and MacBooks — how to download it now

Often the latest update for your iPhone, iPad, or MacBook just brings some new emoji or the classic "bug fixes," so who cares if it waits a day or two? Not so with the iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1 updates going out today.

These updates contain patches for two security issues. That alone wouldn't necessarily be an emergency, but both are believed to have been actively exploited in the wild, so they present an immediate threat to your devices, and you should update now (via AppleInsider).

How to update your iPhone or iPad to iOS/iPadOS 16.4.1

1. Open Settings
2. Select General
3. Tap on Software Update
4. Select Download and Install

How to update your MacBook to macOS Ventura 13.3.1

1. Click on the Apple Menu in the upper-left corner of your status bar
2. Select System Preferences
3. Click Software Update
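
For anyone responsible for more than one device, the version numbers above can be applied to an inventory. This is an added example, not code from the article or from Apple; the inventory fields and device names are constructed, and the thresholds are only the releases this article names, so older major release lines are flagged for a separate check rather than judged.

```python
# Added example: thresholds are the releases named in this article only.
from typing import NamedTuple

PATCHED = {"iOS": (16, 4, 1), "iPadOS": (16, 4, 1), "macOS": (13, 3, 1)}

class Device(NamedTuple):
    name: str       # hypothetical inventory field
    platform: str   # "iOS", "iPadOS" or "macOS"
    version: str    # as reported by the device, e.g. "16.4" or "13.3.1"

def parse_version(text: str) -> tuple:
    """Turn '16.4' into (16, 4, 0) so short versions compare correctly."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(device: Device) -> str:
    """Classify a device against the patched releases named in the article."""
    minimum = PATCHED.get(device.platform)
    if minimum is None:
        return "unknown-platform"
    try:
        current = parse_version(device.version)
    except ValueError:
        # Anything that is not plain dotted numbers goes to a human.
        return "unparseable-version"
    if current >= minimum:
        return "patched"
    if current[0] == minimum[0]:
        return "update-now"
    # Older major release lines are not covered by this article.
    return "check-vendor-advisory"

def triage(inventory):
    """Map each device name to its status."""
    return {d.name: status(d) for d in inventory}

# Constructed sample inventory.
SAMPLE = [
    Device("exec-iphone", "iOS", "16.4"),
    Device("lab-ipad", "iPadOS", "16.4.1"),
    Device("dev-macbook", "macOS", "13.3"),
    Device("old-imac", "macOS", "12.6.3"),
    Device("kiosk", "iPadOS", "16.4.1 (a)"),
]

if __name__ == "__main__":
    for name, result in triage(SAMPLE).items():
        print(f"{name}: {result}")
```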

What are these actively exploited security threats?

Apple provided the full details regarding each of the exploits on its security updates page:

IOSurfaceAccelerator

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

Sean Riley