Apple has released updates for iOS, iPadOS, and macOS to address a pair of critical vulnerabilities. The arbitrary code execution flaws in the libxml2 library were detected by researchers from Google Project Zero. Users are urged to update to iOS 16.1.1, iPadOS 16.1.1, and macOS Ventura 13.0.1.
- This update fixes two specific XML parser issues. Details about these issues, with proof of concept code, were released the same day the update was released. I don’t care if you wait to patch this. If you don’t, it may make for a neat future NewsBites story about how your organization was compromised.
- I know, you are still finishing rolling out iOS/iPadOS 16.1, and you noticed 16.2 is only a few weeks away, so you were hoping for breathing room. The good news is users who haven’t updated will get 16.1.1 when they do, and that these updates are only for iOS/iPadOS 16, as well as macOS Ventura. Exploiting the flaws allows an attacker to terminate a running application or execute arbitrary commands on the device. There are also unspecified bug fixes in these updates which help with some petty annoyances your users may be facing.