Enlarge / The backs of the iPhone 14, iPhone 14 Pro, and iPhone 14 Pro Max.
Samuel Axon
Apple has released bug fix and security updates for several of its operating systems, including iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1.
The iOS and iPadOS updates don’t add any new features. Their main purpose is to address two separate major security vulnerabilities, and the release notes include two big fixes.
Apple details the bug fixes as follows:
- Pushing hands emoji does not show skin tone variations
- Siri does not respond in some cases
Some users have been complaining vocally about the Siri bug, and Apple says it shouldn’t be a problem anymore. As for the security updates, Apple says both vulnerabilities opened the door to arbitrary code execution, and both have reportedly been actively exploited. The company’s security notes say:
IOSurfaceAccelerator
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
The macOS update addresses the same security vulnerabilities, and it also fixes the same bug with skin tones in emojis. But it also fixes a bug that impacted the feature that allows you to unlock your Mac with your Apple Watch.
These updates come just 10 days after Apple released iOS 16.4 and macOS Ventura 13.3. Those major updates added new emojis, introduced expanded accessibility features, and fixed several bugs.
Apple is expected to release at least one more major update for iOS 16, dubbed iOS 16.5, before iOS 17 is introduced this fall. The company will detail the features coming to iOS 17 and macOS 14 at its Worldwide Developers Conference, which begins June 5.
Source link
