Apple is rolling out a patch that fixes potentially dangerous vulnerabilities in WebKit and IOSurfaceAccelerator. It is recommended to update immediately.

The vulnerabilities affect iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1 and Safari 16.4.1, meaning anyone with a supported Apple device should be vigilant. If you didn’t install any updates over the Easter weekend, you’d better prioritize that today.

A first vulnerability, named CVE-2023-28205, could allow WebKit to process malicious web content, which could lead to arbitrary code execution. WebKit is the underlying engine of Safari, the browser that comes preinstalled on every Apple device. This means that this vulnerability has a potentially large reach. Also in February, Apple had to pull the emergency brake to close a leak in WebKit that exposed data on your smartphone.

But CVE-2023-28206 should not be underestimated either. This is a bug in IOSurfaceAccelerator that can inadvertently allow an application to run code in the operating system kernel. The patch includes improved input validation and memory management to address both vulnerabilities.

Update as soon as possible

According to Apple, there is evidence that the vulnerabilities are currently being actively exploited by malicious actors, which only increases the urgency to install the patch. You can check for available updates through your device’s settings. If you have automatic updates turned on, your device may have already updated itself.

With the release of Apple iOS 16.3, iPadOS 16.3 and macOS Ventura 13.3, Apple promised to roll out security updates faster. The iPhone manufacturer is already showing that this was no empty promise by acting decisively again.