Modern web browsers are complicated, which opens them up to more potential security problems. Apple has now released updates to patch a flaw in Safari that allowed web pages to execute code on the device.

Apple just released system updates for iPhones, iPads, and Macs, all of which include a fix for a flaw in Safari's webkit engine. The updates have version numbers of iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1, respectively. Apple hasn't disclosed details about the security vulnerability, except that it allows "maliciously crafted web content" to run arbitrary code on the device as if a native application was running.

Unfortunately, this is also a zero-day vulnerability -- Apple says it is "aware of a report that this issue may have been actively exploited." For Mac computers not updated to Ventura, Safari 16.4.1 is rolling out to macOS Big Sur and Monterey with the same fix.

The updates for macOS Ventura, iOS 16, and iPadOS 16 also include a fix for another security vulnerability in IOSurfaceAccelerator, a system framework. That flaw allows for arbitrary code execution with the same provides as kernel code. Apple says that flaw may also be in use already in the wild.

You can download the new OS updates from the Settings app on your iPhone, iPad, or Mac. Perhaps, one of these days, Apple will figure out how to update Safari without a full operating system upgrade.

Source: Apple (iOS/iPadOS, macOS, Safari)