After releasing iOS 16.4.1 last Friday to fix a series of bugs and patch two critical security flaws, Apple has released iOS 15.7.5 and iPadOS 15.7.5 to address the same security issues in pre-iPhone 8 models. The update doesn’t appear to offer any additional enhancements and is recommended for all users.
According to Apple’s security content page, the two fixes are the same as the ones patched in iOS 16.4.1 and iPadOS 16.4.1 last week. It is only for the following devices: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
- Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved input validation.
- CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A use after free issue was addressed with improved memory management.
- WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
Apple says the vulnerabilities may have already been actively exploited, and the speed at which they pushed out the update suggests it’s extremely serious. Apple generally releases security update for older iPhones alongside larger iOS updates.
Read more about How long Apple supports iPhones for.