Apple’s iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks


Apple, Google, and Microsoft have released major patches this month to fix multiple security flaws already being used in attacks. May was also a critical month for enterprise software, with GitLab, SAP, and Cisco releasing fixes for multiple bugs in their products.

Here’s everything you need to know about the security updates released in May.

Apple iOS and iPadOS 16.5

Apple has released its long-awaited point update iOS 16.5, addressing 39 issues, three of which are already being exploited in real-life attacks. The iOS upgrade patches vulnerabilities in the Kernel at the heart of the operating system and in WebKit, the engine that powers the Safari browser. The three already exploited flaws are among five fixed in WebKit—tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

CVE-2023-32409 is an issue that could allow an attacker to break out of the Web Content sandbox remotely, reported by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. CVE-2023-28204 is a flaw that risks a user disclosing sensitive information. Finally, CVE-2023-32373 is a use-after-free bug that could enable arbitrary code execution.

Earlier in the month, Apple released iOS 16.4.1 (a) and iPadOS 16.4.1 (a)—the iPhone maker’s first-ever Rapid Security Response update—fixing the latter two exploited WebKit vulnerabilities also patched in iOS 16.5.

Apple iOS and iPadOS 16.5 were issued alongside iOS 15.7.6 and iPadOS 15.7.6 for older iPhones, as well as iTunes 12.12.9 for Windows, Safari 16.5, macOS Big Sur 11.7.7, macOS Ventura 13.4, and macOS Monterey 12.6.6.

Apple also released its first security update for Beats and AirPods headphones.


Microsoft

Microsoft’s mid-month Patch Tuesday fixed 40 security issues, two of which were zero-day flaws already being used in attacks. The first zero-day vulnerability, CVE-2023-29336, is an elevation-of-privilege bug in the Win32k driver that could allow an attacker to gain System privileges.

The second serious flaw, CVE-2023-24932, is a Secure Boot security feature bypass issue that could allow a privileged attacker to execute code. “An attacker who successfully exploited this vulnerability could bypass Secure Boot,” Microsoft said, adding that the flaw is difficult to exploit: “Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.”

The security update is not a full fix: it addresses the vulnerability by updating the Windows Boot Manager, which could cause issues, the company warned. Microsoft said additional steps are required at this time to mitigate the vulnerability and pointed affected users to those steps.

Google Android

Google has released its latest Android security patches, fixing 40 flaws, including an already exploited Kernel vulnerability. The updates also include fixes for issues in the Android Framework, System, Kernel, MediaTek, Unisoc, and Qualcomm components.

The most severe of these issues is a high-severity security vulnerability in the Framework component that could lead to local escalation of privilege, Google said, adding that user interaction is needed for exploitation.

Previously linked to commercial spyware vendors, CVE-2023-0266 is a Kernel issue that could lead to local escalation of privilege. User interaction is not needed for exploitation.
