Apple released iOS 16.6 to everyone today, and while the update doesn’t include any new user-facing features, it does come with over a dozen important security fixes. Notably, two of the fixes are for actively exploited flaws.
After releasing iOS 16.6 this morning alongside iPadOS 16.6, tvOS 16.6, watchOS 9.6, and macOS 13.5 with “important bug fixes and security updates,” Apple shared all the details on its security page.
16 security fixes and two for actively exploited vulnerabilities.
The 16 fixes span components including Kernel, Find My, WebKit, and Apple Neural Engine.
Apple says two of them may have been actively exploited. The WebKit vulnerability was first patched in Rapid Security Response iOS 16.5.1(c). The kernel vulnerability that may have been exploited may have been patched for the first time in iOS 15.7.1. Apple says both are also resolved in iOS 16.6.
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An application can change the kernel’s private state. Apple is aware of a report that this issue may have been actively exploited on versions of iOS prior to iOS 15.7.1.
Description. This issue was addressed through improved state management.
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_) and Boris Larin (@oct0xor) of Kaspersky Lab.
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description. This issue was addressed with improved checks.
WebKit Bug: 259231
CVE-2023-37450: Anonymous Researcher
This issue was first resolved in Rapid Security Response iOS 16.5.1(c) and iPadOS 16.5.1(c).
Here are the full security details for the 16 patches shipped with iOS 16.6:
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation).
Impact. An application can execute arbitrary code with kernel privileges.
Description. This issue was addressed through improved memory handling.
CVE-2023-38136: Mohamed GHANNAM (@_simo36)
CVE-2023-38580: Mohamed GHANNAM (@_simo36)
Find My
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An app can read sensitive location information.
Description. A logic issue was addressed with improved restrictions.
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An application can execute arbitrary code with kernel privileges.
Description. This issue was addressed through improved memory handling.
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
CVE-2023-32441: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs SG Pte. Ltd.
CVE-2023-38261: Anonymous Researcher
CVE-2023-38424: Certik Skyfall Team
CVE-2023-38425: Certik Skyfall Team
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An application can change the kernel’s private state. Apple is aware of a report that this issue may have been actively exploited on versions of iOS prior to iOS 15.7.1.
Description. This issue was addressed through improved state management.
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_) and Boris Larin (@oct0xor) of Kaspersky Lab.
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An application can execute arbitrary code with kernel privileges.
Description. A use-after-free issue was addressed with improved memory management.
CVE-2023-32381: Anonymous Researcher
CVE-2023-32433: Zweig of Kunlun Lab
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. A user can elevate privileges.
Description. This issue was addressed with improved checks.
CVE-2023-38410: Anonymous Researcher
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. A remote user can cause a denial of service.
Description. This issue was addressed with improved checks.
CVE-2023-38603: Zweig of Kunlun Lab
libxpc
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An application may be able to gain root privileges.
Description. A path handling issue was addressed with improved validation.
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)
libxpc
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An application may be able to cause a denial of service.
Description. A logic issue was addressed with improved checks.
CVE-2023-38593: Noah Roskin-Frazy
NSURLSession
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. An application may be able to break out of its sandbox.
Description. This issue was addressed through improvements to the file handling protocol.
CVE-2023-32437: Thijs Alkemade of Computest Sector 7
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. A website may circumvent the same-origin policy.
Description. This issue was addressed with improved checks.
WebKit Bug: 256549
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma Soft Pvt. Ltd, Pune – India
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. Processing web content may lead to arbitrary code execution.
Description. This issue was addressed with improved checks.
WebKit Bug: 256865
CVE-2023-38594: Yuhao Hu
WebKit Bug: 256573
CVE-2023-38595: an anonymous researcher, Jiming Wang, and Jikai Ren
WebKit Bug: 257387
CVE-2023-38600: Anonymous working with the Trend Micro Zero Day Initiative
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. Processing web content may lead to arbitrary code execution.
Description. This issue was addressed through improved memory handling.
WebKit Bug: 258058
CVE-2023-38611: Francisco Alonso (@revskills)
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description. This issue was addressed with improved checks.
WebKit Bug: 259231
CVE-2023-37450: Anonymous Researcher
This issue was first resolved in Rapid Security Response iOS 16.5.1(c) and iPadOS 16.5.1(c).
WebKit process model
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. Processing web content may lead to arbitrary code execution.
Description. This issue was addressed with improved checks.
WebKit Bugzilla: 258100
CVE-2023-38597: 이준성 (Junsung Lee) of Cross Republic
WebKit Web Inspector
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact. The processing of web content may result in the disclosure of confidential information.
Description. This issue was addressed with improved checks.
WebKit Bug: 256932
CVE-2023-38133: Yonghyeon Choi (@hyeon101010)
Additional Recognition
We would like to thank Parvez Anwar for their help.
WebRTC
We would like to thank an anonymous researcher for their help.