iPhone and iPad users are urged to update their devices to iOS 16.5 immediately, without waiting for automatic updates.
Apple has confirmed that the three vulnerabilities lay within the WebKit browser engine and are currently active as described below.
- CVE-2023-32409 which could enable a remote attacker to break out of the Web Content security sandbox.
- CVE-2023-28204 which may disclose sensitive information when processing web content.
- CVE-2023-32373, which could lead to arbitrary code execution using maliciously crafted web content.
Users are encouraged to manually update their iPhones to iOS 16.5 which patches these vulnerabilities. To update, go to Settings – General > Software Update and click on the latest update.
