As a general rule, as you already know, we recommend waiting a few days before installing an OS update. However, with iOS 16.5 and ipadOS 16.5 I find it necessary to make an exception. And yes, as you may have already deduced from the title of this news, this recommendation has nothing to do with new features, improvements or anything like that. No, the raison d’être for this unusual haste is nothing more than to protect against at least three threats, although it is possible that you are already protected against two of them.

As you may recall, earlier this month Apple announced Rapid Security Responses, a new feature for its operating systems substantially speeds up the vulnerability patching process. With this system, security updates are “pushed” by Apple immediately to all devices that need them, instead of having to wait for a regular operating system update.

Shortly after the debut of this new feature, just a few days later, I saw my iPhone asking me to restart to complete an update process that I had not started. It felt a bit strange at first, but it didn’t take long to verify that I was witnessing the already announced security update process. And as I mentioned when I talked about this news, I think it’s a great success because it significantly speeds up the deployment of these patches, making the operating system much more secure.

However, and we can understand that this is because his deployment was already imminent, Apple has reserved a security patch for iOS 16.5. A patch that extra adds to the two previously deployed through rapid security responsesso that users who do not have this feature enabled (remember that it can be disabled at will) have three times more reason to install this update as soon as possible.

These are the three vulnerabilities that are fixed by the update to iOS 16.5:

• CVE-2023-32409, which could allow a remote attacker to breach the security sandbox of web content.
• CVE-2023-28204, which may expose sensitive information when processing web content.
• CVE-2023-32373, which could lead to arbitrary code execution using malicious website content.

In accordance with the principles of responsible disclosure, these vulnerabilities and their effects have been reported, but not the affected components and how they were exploited, so that affected users have time to update their devices. However, Apple acknowledged this use of these vulnerabilities has been detectedso the threat is real and already exists, so once again if you are an iPhone and/or iPad user please update to iOS 16.5 and ipadOS 16.5 as soon as possible.