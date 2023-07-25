It is in the kernel and allows malicious code to be executed. Affected are iOS and iPadOS 15 and 16, as well as macOS 11, 12 and 13.

Apple hat iOS 16.6, iPadOS 16.6 and macOS 13.5 published. The updates close a zero-day vulnerability that, according to the company’s findings, is already being actively exploited for attacks. So far, however, these should only be aimed at devices with iOS 15.7 and earlier.

The zero-day vulnerability is in the kernel of the Apple operating systems. “An app can possibly change the confidential state of the kernel,” the company said in a security warning. The issue was addressed through better kernel state management.

25 holes in iOS, 42 holes in macOS

According to Apple, the vulnerability was discovered by employees of the security provider Kaspersky. This suggests that the zero-day vulnerability is used to inject malware.

With iOS16 and iPadOS 16, Apple plugs a total of 25 holes. Fixes are available for the Apple Neural Engine, Find My, Kernel, and WebKit components, among others. The most serious flaws may allow an unauthorized person to remotely inject and execute malicious code and even bypass security features like a sandbox.

However, the advisory for macOS 13.5 lists 42 security problems. The components AppSandbox, Assets, Kernel, libxpc, OpenLDAP, PackageKit and WebKit, among others, are vulnerable here. In addition to remote code execution, the updates are also intended to prevent the disclosure of confidential information and denial-of-service attacks.

As always, Apple distributes the updates for iPhones and iPads over the air. They are also available for iOS 15.7 and iPadOS 15.7. Users of macOS 13 Ventura, 12 Monterey and 11 Big Sur receive the new OS versions via the integrated update function.