Apple has released iOS 16.4.1 and macOS 13.3.1. Both updates address the same zero-day vulnerabilities. According to Apple, the vulnerabilities were actively exploited and enabled arbitrary remote code execution on devices.
The vulnerabilities are located in IOSurfaceAccelerator and WebKit and are tracked as CVE-2023-28206 and CVE-2023-28205, respectively. The first is related to an out-of-bounds bug in the operating system kernel. Apple wrote that this allowed a malicious app to execute arbitrary code with kernel privileges.
Due to the second vulnerability, visiting malicious web content, such as websites or advertisements, may lead to arbitrary code execution on the device. Apple has released little detailed information about the bugs.
In addition to the zero-day vulnerabilities, the updates fix a number of minor bugs. Both the iOS and macOS updates fix a bug that prevented emoji skin tone variations from appearing. The iOS update should also fix Siri not responding in some cases. Finally, an issue was fixed that caused unlocking an iMac with an Apple Watch to not work properly in a number of cases.