APPLEiOSTECH NEWS

Apple's Latest Security Update: Fixing Zero-Day Flaws for iPhones, Macs, and iPads

Apple's Response to the CVE-2023-28206 and CVE-2023-28205 Vulnerabilities

Photo of Adil Sattar Adil Sattar Send an email April 11, 2023Last Updated: April 24, 2026
0 1 minute read
Apple's Latest Security Update Fixing Zero-Day Flaws for iPhones, Macs, and iPads
Apple's Latest Security Update Fixing Zero-Day Flaws for iPhones, Macs, and iPads

Apple has recently released iOS 16.4.1 and iPadOS 16.4.1 updates, which fix two zero-day flaws that were actively exploited against users with iPhones, Macs, and iPad devices. These two flaws, tracked as CVE-2023-28206 and CVE-2023-28205, could have allowed threat actors to take over the victim’s devices and gain full access to their endpoints.

The first flaw, identified as CVE-2023-28206, is related to the IOSurfaceAccelerator component, which is available on iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. The flaw could allow an app to execute arbitrary code with kernel privileges. Apple has confirmed that this flaw may have been actively exploited.

The second flaw, identified as CVE-2023-28205, is related to the WebKit component, which is also available on the same iOS and iPadOS devices. The flaw could allow maliciously crafted web content to execute arbitrary code, which could also have been actively exploited.

Apple's Response to the CVE-2023-28206 and CVE-2023-28205 Vulnerabilities
Apple’s Response to the CVE-2023-28206 and CVE-2023-28205 Vulnerabilities

Apple has stated that it is aware of a report suggesting that both of these flaws were being actively exploited. The company has released the updates with the fixes for both flaws and recommended that all users update their devices immediately.

 

According to Apple’s security advisory, an out-of-bounds write issue was addressed with improved input validation for the IOSurfaceAccelerator flaw. For the WebKit flaw, a use-after-free issue was addressed with improved memory management.

These vulnerabilities were discovered by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. The details of how the vulnerabilities were exploited have not been disclosed, but it is clear that the attackers had a way to bypass Apple’s security mechanisms.

In conclusion, Apple has fixed two serious zero-day flaws that were actively exploited against its users. These flaws could have allowed attackers to take over victim’s devices and gain full access to their endpoints. It is crucial for all iOS and iPadOS users to update their devices to the latest version as soon as possible to stay protected.

Tags
Photo of Adil Sattar Adil Sattar Send an email April 11, 2023Last Updated: April 24, 2026
0 1 minute read
Photo of Adil Sattar

Adil Sattar

Adil Sattar is a seasoned writer, SEO expert, and technology journalist with years of hands-on experience in the digital content and IT industries. With a passion for uncovering the latest breakthroughs in technology, Adil has dedicated his career to making complex tech concepts simple, engaging, and accessible to a broad audience. Armed with deep expertise in search engine optimization, Adil understands not just how to write great content — but how to make sure it reaches the right audience. His work spans a wide range of technology topics including artificial intelligence, cybersecurity, software development, consumer electronics, and digital innovation. As the founder and lead writer at TechBeams, Adil has built a platform trusted by tech enthusiasts, IT professionals, and everyday readers alike. His unique blend of technical knowledge, SEO acumen, and storytelling ability sets TechBeams apart as a go-to destination for reliable and insightful tech content. When he's not writing or researching the next big thing in tech, Adil is constantly learning, adapting, and staying ahead of the curve in an ever-evolving digital landscape.

Leave a Reply

Back to top button