If you’re an iPhone user reading this, you need to update your iOS to version 16.4.1 ASAP. Even Apple is giving you the heads up to do so, so you know it’s serious.
Why the sudden urgency? Because not one but two security vulnerabilities are being exploited as we speak.
And it’s not just iPhones. We’re talking iPads and MacBooks too. Yea, everything. But we’ll get to the specifics in a bit.
Naturally, Apple isn’t sharing much due to the sensitive nature of the vulnerabilities, but suffice it to say you don’t want to take any chances.
Here’s what we know: each vulnerability is tracked and logged as CVE-2023-28205 and CVE-2023-28206, states Apple’s Support Page.
One lets hackers commit malicious code to Apple devices, while the other allows an app to execute code with kernel privileges.
Per Apple’s support page:
CVE-2023-28206:
Devices impacted: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: “An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”
Our take: The security flaw could allow an app to run code with kernel privileges and a high level of access that could let the app take control of the device and perform malicious actions.
CVE-2023-28205:
Devices Impacted: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
Our Take: If you visit a website that has been set up by a hacker, your device may be vulnerable to an attack. This is because the website could have malicious code that can take control of your device and perform harmful actions.
Apple has received a report that this issue may have been actively exploited, meaning someone might have already used this security flaw to harm some devices.
| Release | Devices | Vulnerabilities | CVE-ID | Impact |
|---|---|---|---|---|
| iOS 16.4.1 | iPhone, iPad | IOSurfaceAccelerator, WebKit | CVE-2023-28206, CVE-2023-28205 | High |
| iPadOS 16.4.1 | iPad | IOSurfaceAccelerator, WebKit | CVE-2023-28206, CVE-2023-28205 | High |
| macOS 13.3.1 | Mac | WebKit | CVE-2023-28205 | High |
| Safari 16.4.1 | Mac | WebKit | CVE-2023-28205 | High |
Thankfully, iOS 16.4.1 patches both of these issues, hence our urgency to update your devices immediately.
Current iOS, iPadOS, and macOS updates available for download
| Release | Available for | Release date |
|---|---|---|
| macOS Big Sur 11.7.6 | macOS Big Sur | 10 Apr 2023 |
| macOS Monterey 12.6.5 | macOS Monterey | 10 Apr 2023 |
| iOS 15.7.5 and iPadOS 15.7.5 | iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) | 10 Apr 2023 |
| Safari 16.4.1 | macOS Big Sur and macOS Monterey | 07 Apr 2023 |
| iOS 16.4.1 and iPadOS 16.4.1 | iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later | 07 Apr 2023 |
| macOS Ventura 13.3.1 | macOS Ventura | 07 Apr 2023 |
How to update iOS on your iPhone
If you are ready to update your iPhone, follow the steps below. This works for any update, whether it is a minor update or a major one.
-
Open the Settings app on your iPhone
-
Then, tap on General
-
Tap on Software Update
-
Tap on Download and Install
-
The last step is to tap on Install and wait for the iPhone to finish updating and reboot itself.
How to update your iPad
- Open the Settings app on your iPad
- Tap on General
- Then, tap on Software Update
- Tap on Download and Install
- You may be asked to remove apps because the update needs more space temporarily. Tap on Continue. iOS will reinstall those apps after the update is finished.
- Tap on Install once the update has been downloaded
“Apple is aware of a report that this issue may have been actively exploited,” the company wrote in its iOS update notes, proving the severity here.
Affected devices include the iPhone 8 and later, iPads running iPadOS 16.4.1. Additionally, MacBook Pro’plus a few others, but that’s not important, just go and update already, okay?
Have any thoughts on this? Drop us a line below in the comments, or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
