Apple has released interim updates for iOS/iPadOS 16.5.1, macOS Ventura 13.4.1 and watchOS 9.5.2, which have closed a number of zero-day vulnerabilities. There are no new features in them, but Apple recommends that all users install them.
Since these vulnerabilities are present in older versions of the system, they have also received updates.: these are builds of iOS 15.7.7, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, watchOS 8.8.1 and iPadOS 15.7.7.
One of the closed vulnerabilities, called CVE-2023-32434, was discovered by Kaspersky Lab employees. It allows you to run arbitrary code with kernel access rights on iPhone 6s and newer models, as well as most tablets, including all iPad Pro, as well as iPad Air 2, iPad mini 4, iPad 5 and newer.
In parallel, two more WebKit vulnerabilities were closed. They allow you to run arbitrary code after processing certain web content. So, the vulnerability CVE-2023-32435 discovered by the same Kaspersky employees works on iPhone 7 and older devices, and CVE-2023-32439 from anonymous researchers can work on current models.
Apple also confirmed that according to reports, these vulnerabilities could be actively used on iOS 15.7 and older versions, but did not comment on the accuracy of this information.In parallel, the iOS 16.5.1 update fixes an error in which Lightning/USB 3 charging did not take place to connect the camera.