macOS is also affected. The bug is in the WebKit browser engine. Apple notes that the vulnerability is already being actively exploited.
Apple has again taken a “quick security measure” for iPhones and iPads. The unscheduled update closes a zero-day gap. It is available for iOS 16, iPadOS 16 and also macOS 13.
The release notes According to the report, the zero-day vulnerability is in the WebKit browser engine. An attacker can remotely inject and execute malicious code. A victim, in turn, only needs to be tricked into opening a specially crafted website using Safari.
Patches also for older macOS versions
“Apple is aware of a report that this issue may have been actively exploited,” Apple said in a statement. According to the company, the vulnerability was discovered by an anonymous security researcher.
Users of Apple devices should look out for updates to iOS 16.5.1 (a), iPadOS 16.5.1 (a) or macOS 13.4.1 (a). Apple offers bug-fixed Safari version 16.5.2 for macOS Big Sur and Monterey.
Apple introduced the security updates known as Rapid Security Response (RSR) in May. They serve as a new way for the company to distribute important security patches with less effort and outside of the usual operating system updates.