On Monday, Apple released a series of small updates that may not seem like a big deal. There are no new features, there are a few minor fixes, and almost no release notes. But if you haven’t installed them on your devices yet, you should update them right now.
The iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1 updates include the same WebKit security update that fixes a zero-day vulnerability known to have been used to jailbreak iPhones and Macs:
webkit
- Impact. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description. A type confusion issue was addressed with improved checks.
- WebKit Bug: 251944/CVE-2023-23529: Anonymous Researcher
Apple did not provide details on how the vulnerability could have been exploited. This is the first zero-day vulnerability patched this year.
The patch is for iPhone 8 and later, iPad Air (3rd generation) and later, iPad (5th generation) and later, iPad mini (5th generation) and later, MacBook Pro (2017 and later) , MacBook Air (2018 and up). ), MacBook (2017 and up), iMac (2017 and up), Mac mini (2018 and up), and Mac Studio. There is also Safari 16.3.1 for Mac running macOS Big Sur and Monterey.
Apple has also released updates for tvOS 16.3.2 and watchOS 9.3.1, but has yet to release CVE entries. It’s unclear if there will be an update for iOS 15 devices.
In addition to the WebKit patch, the iOS, iPadOS, and macOS updates also include a fix for a “use after free use” issue that could allow an application to execute arbitrary code with kernel privileges.
To update your device, go to the Settings app on your iPhone or iPad, or System Preferences on Macs with macOS Ventura, then General And Software updatee. To update Safari on macOS Big Sur or Monterey, go to System Preferences, then Software updatecheck the box next to Safari 16.3.1 update and select Install now.