Apple today released iOS 16.4.1, iPadOS 16.4.1 and macOS 13.3.1 to the public. Eligible iPhones, iPads and Macs should already show the update as available, as Apple pushes such updates to all devices at the same time. The update should be installed as soon as possible, as it contains fixes for some actively exploited vulnerabilities.
The IOSurfaceAccelerator vulnerability allowed an app to run arbitrary code with kernel privileges. As a countermeasure, Apple is introducing improved memory management with iOS 16.4.1, iPadOS 16.4.1 and macOS 13.3.1. There was also a vulnerability in WebKit that allowed malicious web content to execute code. In technical terms, this is called an “out-of-bounds write issue”, which, according to Apple, is no longer possible with the new firmware thanks to improved input validation.
Both issues came to light thanks to analysis by Google’s Threat Analysis Group and Amnesty International’s Security Lab, which also reported the bugs to Apple. Apple has also released a new Safari 16.4.1 update for macOS Monterey and macOS Big Sur. The WebKit vulnerability is presumably the focus of that update as well.
Additionally, iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 fix an issue that caused Siri to become unresponsive in some cases. There are also new skin tones for the pushing hands emoji. The new operating system versions are definitely not the biggest update in recent times. But due to the security gaps mentioned above, there is no way around a timely installation.