Apple this week released numerous small updates for a variety of devices. While there are no new features to speak of, iPhone, iPad, Mac, Apple Watch, HomePod, and Apple TV users should go update them right now.
Most importantly, the iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1 updates all include the same WebKit security update that patches a zero-day flaw known to have been used to hack iPhones, iPads, and Macs:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A type confusion issue was addressed with improved checks.
- WebKit Bugzilla: 251944/CVE-2023-23529: an anonymous researcher
Apple hasn’t released specifics about how the flaw may have been exploited. It’s the first zero-day flaw, which is defined as a recently discovered security vulnerability, that Apple has fixed this year. In addition to the WebKit patch, the iOS, iPadOS, and macOS updates also include a fix for a “use after free” issue that could allow an app to execute arbitrary code with kernel privileges.
The patch is for the iPhone 8 and later, iPad Air (3rd gen) and later, iPad (5th gen) and later, iPad mini (5th gen) and later, MacBook Pro (2017 and later), MacBook Air (2018 and later), MacBook (2017 and later), iMac (2017 and later), Mac mini (2018 and later), and Mac Studio. There’s also a new 16.3 version of Safari for Macs running macOS Big Sur and Monterey. While the version is the same as the previous one, the build number will update to 1676220.127.116.11.6 (Big Sur) and 177618.104.22.168.6 (Monterey).
A separate Big Sur update (11.7.4) for older Macs fixes a Safari issue where websites in the Favorites section of the Start page lost their custom favicons and instead displayed generic gray icons.
Apple also released HomePod 16.3.2 and tvOS 16.3.2 updates for all models, following 16.3.1 updates earlier this month. The HomePod update also addresses an issue where asking Siri for smart home requests may fail. WatchOS 9.3.1 was also released for Apple Watch Series 4 and later with “bug fixes and important security updates,” though Apple hasn’t yet published the specific CVE entries.
And finally, Apple has pushed a firmware update for the MagSafe cable on the 2021 and 2023 MacBook Pro and M2 MacBook Air with unspecified fixes.
Here’s how to find the update on each of your devices:
iPhone and iPad: Go to the Settings app, then General, and Software Update
macOS Ventura: Go to the System Settings app, then General and Software Update.
macOS Big Sur or Monterey: Got to the System Preferences app then Software Update
Apple Watch: Go to the Watch app on your iPhone, then General, and Software Update
Apple TV: Go to the Settings app, then General, and Update Software
HomePod: Go to the Home app on your iPhone, then Home Settings, and Software Update
MagSafe Cable: Plug it in, connect to your Mac and wait for the update to install