Date: 2023-05-19

The update also fixes two zero-day vulnerabilities and a sandbox escape. A flaw in iOS and iPadOS also gives apps access to protected parts of the file system.

Apple has released another update for iOS 16. OS version 16.5 eliminates 39 vulnerabilities. Some of the vulnerabilities are classified as critical because they allow remote code execution. The update also contains fixes for two zero-day vulnerabilities.

The zero-day vulnerabilities are in the WebKit browser engine. According to Apple, there are reports that the security holes are already being actively exploited by hackers. Since Amnesty International’s Security Lab was involved in discovering the bugs, targeted attacks on journalists or activists can be assumed.

iOS reveals location data

According to Apple, both vulnerabilities have already been closed with the Rapid Security Response update iOS 16.4.1 (a). Users who skipped that update should now at least update to iOS 16.5 as soon as possible.

Apple plugs further holes in components such as Associated Domain (app sandbox escape), Cellular (remote code execution), CoreServices (bypassing security settings), GeoServices (disclosure of location data), ImageIO (remote code execution), Kernel (remote code execution), PDFKit (DoS) and Shortcuts (disclosure of confidential information). An error in StorageKit is also classified as very serious: apps may be able to modify protected parts of the file system.

However, iOS 16.5 is not just a security update. It also includes improvements and bug fixes that affect the Spotlight, CarPlay and Screen Time features. Apple is also delivering some of these corrections and all patches with iPadOS 16.5, which is now also being distributed over-the-air to eligible devices.