Critical patches are among dozens of security fixes.
Apple released a slew of updates that bring a few new features to the iPhone and Mac. But much more importantly, the updates include three critical zero-day patches for security vulnerabilities that are known to have been actively exploited.
The WebKit flaws span Apple’s family of devices and have been patched in iOS 16.5, iPadOS 16.5, watchOS 9.5, macOS 13.4, and tcOS 16.5, but also iOS/iPadOS 15.7.6, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, as well as Safari 16.5. All of the updates include the same five WebKit fixes, with three of them known to have been exploited:
WebKit
Impact: Processing web content may disclose sensitive information
Description: An out-of-bounds read was addressed with improved input validation.
WebKit Bugzilla: 255075
CVE-2023-32402: an anonymous researcher
WebKit
Impact: Processing web content may disclose sensitive information
Description: A buffer overflow issue was addressed with improved memory handling.
