Apple just patched a ton of iOS and iPadOS security flaws, so update now
Apple has released iOS 16.4 and urges iPhone users, especially those with older devices, to update immediately to take advantage of some important security fixes.
Despite the seemingly modest update number (16.x instead of 16.xx), this update patches 32 known security flaws that have been plaguing iOS 16 users for a while now, making it an essential update even if you’re not looking for the latest features.
One of the vulnerabilities patched is a WebKit type confusion issue that hackers could use to cause OS crashes and gain code execution on compromised iOS and iPadOS devices.
iOS 16.4 security update
If successful, anyone exploiting the flaw could execute arbitrary code, most likely by tricking victims into opening malicious web pages.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this vulnerability may have been actively exploited,” Apple says of the zero-day. “Apple is aware of a report that this issue may have been actively exploited.”
Older iPhone devices are particularly susceptible, with the list of affected devices including iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) devices.
Elsewhere, iOS 16.4 also fixes a troubling calendar bug that caused malicious invites to leak user information. Further fixes cover a flaw that allowed the Photos app’s Hidden Photos Album to be accessed without authentication via Visual Lookup, a handful of Safari and WebKit bugs, including one that saw some user information being traceable, and some kernel-related issues.
More generally, macOS 13.3 fixes issues related to trackpad gestures and accessibility features, while iOS 16.4 also added support for home screen web apps by third-party browsers, a new order tracking widget for Apple Pay purchases as part of the Wallet app, voice isolation for mobile calls (as well as video and VoIP calls as before) and other UI tweaks.