Apple

iPhone users: Critical iOS 16.5 patch available, download now

Apple urges iPhone and iPad users to update to iOS 16.5 to protect their devices from security threats.

by
Marcus Spencer
May 22, 2023

Image: KnowTechie

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Apple released iOS 16.5 on May 19, 2023, to patch 39 security vulnerabilities. Yes, 39. That’s a fairly large number, especially given the context relating to 39 things that could have gone wrong but didn’t.

The update includes patches for three actively exploited vulnerabilities, which could have been used to steal data or take control of devices.

Speaking to Forbes, Sean Wright, a security engineer for Apple, said: “Chaining some of these vulnerabilities together could potentially allow an attacker to be able to remotely gain full control of a device”

Apple’s support document lists the three actively exploited vulnerabilities:

CVE-2023-32409 could allow a remote attacker to escape the Web Content security sandbox

CVE-2023-32409

Available for: macOS Big Sur and macOS Monterey
Impact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Description: The issue was addressed with improved bounds checks.

CVE-2023-28204, which could disclose sensitive information when processing web content

CVE-2023-28204

Available for: macOS Big Sur and macOS Monterey
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-32373 could lead to arbitrary code execution using maliciously crafted web content

CVE-2023-32373

Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use-after-free issue was addressed with improved memory management.

What devices are affected?

iPhone 8 and later.
All iPad Pros devices.
iPad Air 3rd generation and later.
iPad 5th generation and later.
iPad mini 5th generation.

How can hackers use these security issues to target people?

The Web Content security sandbox is a security feature that helps to protect users from malicious web content. By breaking out of the sandbox, an attacker could access the user’s device and steal data or install malware.

Furthermore, disclosing sensitive information could allow attackers to learn about users’ browsing habits or other personal information. Additionally, this information could target the user with phishing attacks or other forms of fraud.

Lastly, arbitrary code execution is a vulnerability that could allow an attacker to run any code on the user’s device.

How can I update to the latest version of iOS?

To update your device, go to Settings > General > Software Update. If you see iOS 16.5 available, tap Download and Install.

Open the Settings app on your iPhone

Then, tap on General

Tap on Software Update

ios 14 settings software update for iphone

Tap on Software Update

Tap on Download and Install

The last step is to tap on Install and wait for the iPhone to finish updating and reboot itself.

Apple has already released notes for iOS 16.6 beta, so the company is already getting a headstart on the next set of security vulnerabilities. Users can sign up for the beta program for Apple here.

Have any thoughts on this? Drop us a line below in the comments, or carry the discussion over to our Twitter or Facebook.