If you’re an iPhone user reading this, you need to update your iOS to version 16.4.1 ASAP. Even Apple is giving you the heads up to do so, so you know it’s serious.
Why the sudden urgency? Because not one but two security vulnerabilities are being exploited as we speak.
And it’s not just iPhones. We’re talking iPads and MacBooks too. Yea, everything. But we’ll get to the specifics in a bit.
Naturally, Apple isn’t sharing much due to the sensitive nature of the vulnerabilities, but suffice it to say you don’t want to take any chances.
Here’s what we know: the two vulnerabilities are tracked as CVE-2023-28205 and CVE-2023-28206, according to Apple’s Support Page.
One lets maliciously crafted web content run arbitrary code on Apple devices, while the other allows an app to execute code with kernel privileges.
CVE-2023-28206:
Devices impacted: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: “An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”
Our take: The security flaw could allow an app to run code with kernel privileges, a high level of access that could let the app take control of the device and perform malicious actions.
CVE-2023-28205:
Devices Impacted: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
Our Take: If you visit a website that has been set up by a hacker, your device may be vulnerable to an attack. This is because the website could have malicious code that can take control of your device and perform harmful actions.
Apple has received a report that this issue may have been actively exploited, meaning someone might have already used this security flaw to harm some devices.
Release | Devices | Vulnerabilities | CVE-ID | Impact |
---|---|---|---|---|
iOS 16.4.1 | iPhone, iPad | IOSurfaceAccelerator, WebKit | CVE-2023-28206, CVE-2023-28205 | High |
iPadOS 16.4.1 | iPad | IOSurfaceAccelerator, WebKit | CVE-2023-28206, CVE-2023-28205 | High |
macOS 13.3.1 | Mac | WebKit | CVE-2023-28205 | High |
Safari 16.4.1 | Mac | WebKit | CVE-2023-28205 | High |
Thankfully, iOS 16.4.1 patches both of these issues, hence our urgency to update your devices immediately.
Current iOS, iPadOS, and macOS updates available for download
Release | Available for | Release date |
---|---|---|
macOS Big Sur 11.7.6 | macOS Big Sur | 10 Apr 2023 |
macOS Monterey 12.6.5 | macOS Monterey | 10 Apr 2023 |
iOS 15.7.5 and iPadOS 15.7.5 | iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) | 10 Apr 2023 |
Safari 16.4.1 | macOS Big Sur and macOS Monterey | 07 Apr 2023 |
iOS 16.4.1 and iPadOS 16.4.1 | iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later | 07 Apr 2023 |
macOS Ventura 13.3.1 | macOS Ventura | 07 Apr 2023 |
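If you look after more than one device, the release table above can be turned into a quick inventory check. This is an added example, not code from Apple or from this article; the product keys, device names and sample inventory are constructed, and the check only reports whether a device is at or past the release listed for its version branch.

```python
import re

# Releases copied from the article's "updates available" table, keyed by
# (product, major version branch). Product keys are this example's own naming.
CURRENT_RELEASES = {
    ("ios", 15): (15, 7, 5),
    ("ios", 16): (16, 4, 1),
    ("ipados", 15): (15, 7, 5),
    ("ipados", 16): (16, 4, 1),
    ("macos", 11): (11, 7, 6),
    ("macos", 12): (12, 6, 5),
    ("macos", 13): (13, 3, 1),
    ("safari", 16): (16, 4, 1),
}

def parse_version(text):
    """Turn '16.4' or '16.4.1' into a 3-part tuple, padding with zeros."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def patch_status(product, version):
    """Return 'current', 'outdated', or 'unlisted' for one inventory entry."""
    parsed = parse_version(version)
    required = CURRENT_RELEASES.get((product.lower(), parsed[0]))
    if required is None:
        return "unlisted"  # branch not in the article's table; check manually
    return "current" if parsed >= required else "outdated"

def audit(inventory):
    """Map device name to status; inventory rows are (name, product, version)."""
    return {name: patch_status(prod, ver) for name, prod, ver in inventory}

# Constructed sample inventory (hypothetical device names).
SAMPLE_INVENTORY = [
    ("exec-iphone", "iOS", "16.4"),
    ("lobby-ipad", "iPadOS", "16.4.1"),
    ("old-iphone7", "iOS", "15.7.5"),
    ("dev-macbook", "macOS", "13.3"),
    ("build-mac", "macOS", "12.6.5"),
    ("legacy-ipad", "iPadOS", "14.8"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```

Devices reported as `unlisted` are on a branch the table does not mention, so they need a manual look rather than an automatic pass.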
How to update iOS on your iPhone
If you are ready to update your iPhone, follow the steps below. This works for any update, whether it is a minor update or a major one.
How to update your iPad
- Open the Settings app on your iPad
- Tap on General
- Then, tap on Software Update
- Tap on Download and Install
- You may be asked to remove apps because the update needs more space temporarily. Tap on Continue. iOS will reinstall those apps after the update is finished.
- Tap on Install once the update has been downloaded
“Apple is aware of a report that this issue may have been actively exploited,” the company wrote in its iOS update notes, proving the severity here.
Affected devices include the iPhone 8 and later, iPads running iPadOS 16.4.1. Additionally, MacBook Pro, plus a few others, but that’s not important, just go and update already, okay?
Laura Lisa Rotunna
April 10, 2023 at 5:43 pm
Totally completely freaking awesome. I love you iPhone Apple all your new iOS update just anything you guys just keep bringing it keep bringing it because I’m gonna keep buying it. Thank you for all your time and consideration, hard work knowledge, and most of all the value share with us the customer make musicians which we want to choose you giving us the option to choose our update. Make sure everyone.
Charlene Fenn
April 11, 2023 at 9:53 am
I went on my iPad and phone and said install update and nothing happened; it didn’t start installing like it usually does. I am connected to Wi-Fi.
Kevin Raposo
April 11, 2023 at 11:36 am
Try restarting your iPhone and iPad. A few others experienced the same issue, and a restart seems to do the trick. Let us know if that doesn’t work.
Thomas Cruise
April 11, 2023 at 1:29 pm
Why doesn’t Apple update immediately on its own when auto-update is enabled?
Gary Karle
April 11, 2023 at 6:35 pm
The update notification said nothing about security concerns but made much of the skin tone offerings in some of the emojis and SIRI not responding in certain instances. I could care less about skin tones on emojis and I do NOT use SIRI. The description of the update should have led off with the security fixes if they’re really that important.
Cathlene Haskin
April 14, 2023 at 6:39 pm
I just did the update & lost a whole bunch of calendar entries. Kinda important dates & appts. Is there a way to restore these? Why would this happen?