Apple’s iOS and macOS have a nasty vulnerability, so update now

Apple has issued a fix for two new vulnerabilities affecting iOS and iPadOS, and we suggest to update your devices right now.

One of the vulnerabilities, described in a support document by Apple (via TechCrunch), was found by researchers from Pangu Lab and Google Project Zero. It’s a kernel issue, allowing a malicious hacker to execute arbitrary code with kernel privileges on a user’s device.

The other bug affects WebKit, the web browser engine used by Safari, as well as other apps including Mail and App Store. It allows hackers to craft malicious web content that may lead to arbitrary code execution.

Both vulnerabilities affect iPhone 8 and later, all iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

Apple says that it’s aware of a report that the WebKit issue may have been actively exploited, meaning it’s not just a scenario a security researcher has cooked up in a lab, but something out there causing real damage. For this reason, you should update your device(s) to version 16.3.1 as soon as possible.

The WebKit bug also affects Safari on macOS Big Sur and Monterey, so users should update their Safari to version 16.3.1, too.

Security vulnerabilities are found on Apple devices fairly often (Apple issued 15 security updates for its devices in 2023), but often the fixes come before the bugs are actively exploited in the wild. If not, that’s one more reason to be hasty with the update.