Emergency patch: Apple fixes zero-day holes in iOS 16
2023-04-08
by admin
The vulnerabilities allow remote injection and execution of malicious code. Exploitation via manipulated apps or specially crafted websites is possible.

Apple has closed two zero-day vulnerabilities in iOS 16 and iPadOS 16. All iPhones from the iPhone 8 onward are affected, as well as all iPad Pro models, the iPad Air 3 and newer, the iPad 5 and newer, and the iPad Mini 5 and newer. Attackers may be able to inject malicious code and run it with kernel privileges.

In a security advisory, Apple points out that there are already reports of active exploitation of the two vulnerabilities. The company does not give details on this. However, the attacks could be targeted ones against human rights activists or political activists: in addition to Clément Lecigne from Google's Threat Analysis Group, Donnacha Ó Cearbhaill from the Amnesty International Security Lab is also named as a discoverer of the vulnerabilities.

iOS 16.4.1 and iPadOS 16.4.1 fix the bugs

The first vulnerability is in the IOSurfaceAccelerator component. According to Apple, it can be exploited using a specially crafted app. The second, a vulnerability in WebKit based on a use-after-free bug, also allows remote code execution. Here it is apparently sufficient to lure a user to a specially crafted website.

Fixes for both vulnerabilities are included in the currently available update to iOS 16.4.1 and iPadOS 16.4.1. The updates are distributed via the update function of the mobile operating system. Installation of the new OS version can also be initiated manually via the Software Update item in the General settings.

Apple also uses the update to fix two other bugs. Recently, no skin tone variants were displayed for the pushing hands emoji. Also, according to Apple, Siri sometimes did not respond.

