Apple announced updates iOS 16.5.1 and iPadOS 16.5.1 fixes a localized security bug in WebKit and Kernel that allowed cybercriminals to execute arbitrary code with privileges.
The company published the new version of the operating systems on its support website, where it commented that it had registered a bug that had been actively exploited.
One of the bugs (CVE-2023-32434) was in versions prior to iOS 15.7 and allowed cybercriminals to execute arbitrary code with kernel privileges, which has been fixed thanks to the iOS 16.5.1 and iPadOS 16.5.1 updates.
Furthermore, Apple identified the CVE-2023-32439 vulnerability in WebKit, with a Processing of maliciously crafted web content which could also cause arbitrary code execution.
Both are available for iPhone 8 and later versions, all models of iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.