Apple finally patches actively exploited WebKit flaw in older iPhones

When iOS 16.3.1 arrived in February, it included a critical security fix for a WebKit vulnerability that was known to have been actively exploited. At the same time, Apple patched iPadOS (16.3.1), macOS Ventura (13.2.1), and Safari for Monterey and Big Sur (16.3.1).

Over a month later, Apple has finally updated older iPhones and iPads, too. iOS 15.7.4, which is for the iPhone 6s, iPhone 7, and  iPhone SE (1st gen), and iPadOS 15.7.4, for iPad Air 2, iPad mini (4th gen), and iPod touch (7th gen), contains 16 security patches for a variety of system functions, but none are bigger than the WebKit patch from last month:

WebKit

• Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
• Description: A type confusion issue was addressed with improved checks.
• WebKit Bugzilla: 251944/CVE-2023-23529: an anonymous researcher

Additionally, there are security updates for Calendar, Find My, and Shortcuts that are also part of iOS 16.4 and iPadOS 16.4. There’s also a second WebKit patch:

WebKit

• Impact: A website may be able to track sensitive user information
• Description: The issue was addressed by removing origin information.
• WebKit Bugzilla: 250837/CVE-2023-27954: an anonymous researcher

With iOS 17 set to arrive this fall, it’s likely that this is one of the last iOS 15 versions Apple will release before turning off updates. To download iOS 15.7.4, head over to the Settings app, then tap General and Software Update. Tap Download and Install and follow the prompts.