Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


  iOS 16.1.1, iPadOS 16.1.1, and macOS 13.0.1 Ventura Plug Two Security Holes

   Josh Centers

   Apple has released [1]iOS 16.1.1, iPadOS 16.1.1, and [2]macOS Ventura
   13.0.1 to close a pair of severe security vulnerabilities in libxml2 (a
   software library for parsing XML documents). Both allow a remote user
   to 'cause unexpected app termination or arbitrary code execution.'
   Needless to say, it's seriously problematic when a remote user could do
   such things. The saving grace is that the vulnerabilities were
   discovered by Google Project Zero and aren't being exploited in the
   wild.

   You can update to iOS 16.1.1 and iPadOS 16.1.1 in Settings > General >
   Software Update and update to macOS 13.0.1 in System Settings > General
   > Software Update (though it's not appearing for Adam's M1 MacBook Air
   yet). If your devices are running 16, iPadOS 16, or Ventura, you should
   update as soon as possible to fix these security issues. Apple hasn't
   released security updates for its older but still supported operating
   systems; we don't know if they're immune or if those updates are coming
   soon.

References

   1. https://support.apple.com/en-us/HT213505
   2. https://support.apple.com/en-us/HT213504

.