As a general rule, as you already know, we recommend waiting a few days before installing an OS update. However, with iOS 16.5, as well as iPadOS 16.5, I find it necessary to make an exception. And yes, as you may have already deduced from the title of this news item, that recommendation has nothing to do with new features, improvements, or anything like that. No, the reason for this unusual haste is none other than to protect yourself from no fewer than three threats, although it is possible that you are already protected against two of them.
As you may recall, earlier this month Apple announced Rapid Security Responses, a new feature for its operating systems that substantially speeds up the vulnerability patching process. With this system, security updates are “pushed” by Apple immediately to all devices that need them, instead of making it necessary to wait until the regular operating system update.
Shortly after the debut of this new feature, just a few days later, I saw my iPhone asking me to restart it to complete an update process that I hadn’t started. At first it seemed a bit strange to me, but it didn’t take long for me to verify that I had witnessed the already announced security update process. And as I already mentioned when talking about this novelty, I think it is a great success, since it substantially speeds up the deployment of these patches, making the operating system much more secure.
However, and we can understand that this is because its release was already imminent, Apple has reserved one security patch for iOS 16.5. That patch joins the two previously deployed through Rapid Security Responses, so users who do not have that feature enabled (remember that it can be disabled at will) have three times as many reasons to install this update as soon as possible.
These are the three vulnerabilities that are fixed with the update to iOS 16.5:
- CVE-2023-32409, which could allow a remote attacker to break out of the web content security sandbox.
- CVE-2023-28204, which can reveal sensitive information when processing web content.
- CVE-2023-32373, which could lead to arbitrary code execution using maliciously crafted web content.
Following responsible disclosure policies, these vulnerabilities and their effects have been reported, but not the affected components or how they can be exploited, in order to give affected users time to update their devices. However, Apple has acknowledged that exploitation of these vulnerabilities has been detected, so the threat is real and already out there. Once again, if you are an iPhone and/or iPad user, update to iOS 16.5 and iPadOS 16.5 as soon as possible.