You should probably upgrade your iPhone to iOS 16.5 – there's a big security issue
Update your iPhone and iPad now.
If you own an iPhone or iPad, you should update to iOS 16.5 now after concerns of a significant security threat.
Apple released the iOS 16.5 update last week, highlighting security fixes for three zero-day vulnerabilities found within the WebKit browser engine. However, these vulnerabilities could be actively exploited, leading to worrying security concerns.
The security risks impact iPhone 8 and later, all iPad Pros, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Apple's support document says the specific vulnerabilities are:
- CVE-2023-32409 which could enable a remote attacker to break out of the Web Content security sandbox.
- CVE-2023-28204 which may disclose sensitive information when processing web content.
- CVE-2023-32373 which could lead to arbitrary code execution using maliciously crafted web content.
Huge security concerns
Forbes spoke to Sean Wright, the principal application security engineer at Featurespace. He said iOS 16.5 shows "another mixed bag of vulnerabilities, some with quite severe impacts if an attacker were able to successfully exploit them,"
"Chaining some of these vulnerabilities together could potentially allow an attacker to be able to remotely gain full control of a device"
Wright says the WebKit vulnerabilities are very worrying and urges everyone to update regularly to ensure their iOS devices are protected from potential security issues.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
It's worth noting that while vulnerabilities should be a concern, you shouldn't worry too much about these vulnerabilities. As long as you update your device and remain vigilant, your iOS device should be protected against major threats.
Since the release of iOS 16.5, Apple has started seeding iOS 16.6 beta to developers, looking to keep improving security across iOS.
With WWDC around the corner on June 5, there will be hopes that Apple strengthens security across its operating systems to make sure that iOS 17 and iPadOS 17 are as stable and security-rich as possible.
John-Anthony Disotto is the How To Editor of iMore, ensuring you can get the most from your Apple products and helping fix things when your technology isn’t behaving itself. Living in Scotland, where he worked for Apple as a technician focused on iOS and iPhone repairs at the Genius Bar, John-Anthony has used the Apple ecosystem for over a decade and prides himself in his ability to complete his Apple Watch activity rings. John-Anthony has previously worked in editorial for collectable TCG websites and graduated from The University of Strathclyde where he won the Scottish Student Journalism Award for Website of the Year as Editor-in-Chief of his university paper. He is also an avid film geek, having previously written film reviews and received the Edinburgh International Film Festival Student Critics award in 2019. John-Anthony also loves to tinker with other non-Apple technology and enjoys playing around with game emulation and Linux on his Steam Deck.
In his spare time, John-Anthony can be found watching any sport under the sun from football to darts, taking the term “Lego house” far too literally as he runs out of space to display any more plastic bricks, or chilling on the couch with his French Bulldog, Kermit.