Apple released iOS 16.5 on May 19, 2023, to patch 39 security vulnerabilities. Yes, 39. That’s a fairly large number, especially given the context relating to 39 things that could have gone wrong but didn’t. The update includes patches for three actively exploited vulnerabilities, which could have been used to steal data or take control of devices. Speaking to Forbes, Sean Wright, a security engineer for Apple, said: “Chaining some of these vulnerabilities together could potentially allow an attacker to be able to remotely gain full control of a device” Apple’s support document lists the three actively exploited vulnerabilities: .stk-33b8dbc .stk-block-heading__bottom-line{background-color:var(–stk-global-color-56583,#911d9c) !important}CVE-2023-32409 could allow a remote attacker to escape the Web Content security sandbox .stk-7433cbf{box-shadow:0 5px 5px 0 rgba(18,63,82,0.035) !important;padding-top:0px !important;padding-right:0px !important;padding-bottom:0px !important;padding-left:0px !important} .stk-9e4867f{padding-top:8px !important;padding-right:32px !important;padding-bottom:8px !important;padding-left:32px !important} .stk-783f94f .stk-block-heading__text{font-size:17px !important}@media screen and (max-width:1023px){.stk-783f94f .stk-block-heading__text{font-size:17px !important}}CVE-2023-32409 .stk-b42aaca-container{padding-top:0px !important;padding-bottom:8px !important} .stk-78a0ab1 ul li,.stk-78a0ab1 ol li{font-size:16px !important}.stk-78a0ab1 ul li:nth-child(2){list-style-image:url(‘data:image/svg+xml;base64,PHN2ZyBhcmlhLWhpZGRlbj0idHJ1ZSIgZm9jdXNhYmxlPSJmYWxzZSIgZGF0YS1wcmVmaXg9ImZhcyIgZGF0YS1pY29uPSJza3VsbC1jcm9zc2JvbmVzIiBjbGFzcz0ic3ZnLWlubGluZS0tZmEgZmEtc2t1bGwtY3Jvc3Nib25lcyBmYS13LTE0IiByb2xlPSJpbWciIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQ0OCA1MTIiIHN0eWxlPSJmaWxsOiAjMDAwICFpbXBvcnRhbnQ7IGNvbG9yOiAjMDAwICFpbXBvcnRhbnQ7dHJhbnNmb3JtOiByb3RhdGUoZGVnKSAhaW1wb3J0YW50OyI+PHBhdGggZmlsbD0iIzAwMCIgZD0iTTQzOS4xNSA0NTMuMDZMMjk3LjE3IDM4NGwxNDEuOTktNjkuMDZjNy45LTMuOTUgMTEuMTEtMTMuNTYgNy4xNS0yMS40Nkw0MzIgMjY0Ljg1Yy0zLjk1LTcuOS0xMy41Ni0xMS4xMS0yMS40Ny03LjE2TDIyNCAzNDguNDEgMzcuNDcgMjU3LjY5Yy03LjktMy45NS0xNy41MS0uNzUtMjEuNDcgNy4xNkwxLjY5IDI5My40OGMtMy45NSA3LjktLjc1IDE3LjUxIDcuMTUgMjEuNDZMMTUwLjgzIDM4NCA4Ljg1IDQ1My4wNmMtNy45IDMuOTUtMTEuMTEgMTMuNTYtNy4xNSAyMS40N2wxNC4zMSAyOC42M2MzLjk1IDcuOSAxMy41NiAxMS4xMSAyMS40NyA3LjE1TDIyNCA0MTkuNTlsMTg2LjUzIDkwLjcyYzcuOSAzLjk1IDE3LjUxLjc1IDIxLjQ3LTcuMTVsMTQuMzEtMjguNjNjMy45NS03LjkxLjc0LTE3LjUyLTcuMTYtMjEuNDd6TTE1MCAyMzcuMjhsLTUuNDggMjUuODdjLTIuNjcgMTIuNjIgNS40MiAyNC44NSAxNi40NSAyNC44NWgxMjYuMDhjMTEuMDMgMCAxOS4xMi0xMi4yMyAxNi40NS0yNC44NWwtNS41LTI1Ljg3YzQxLjc4LTIyLjQxIDcwLTYyLjc1IDcwLTEwOS4yOEMzNjggNTcuMzEgMzAzLjUzIDAgMjI0IDBTODAgNTcuMzEgODAgMTI4YzAgNDYuNTMgMjguMjIgODYuODcgNzAgMTA5LjI4ek0yODAgMTEyYzE3LjY1IDAgMzIgMTQuMzUgMzIgMzJzLTE0LjM1IDMyLTMyIDMyLTMyLTE0LjM1LTMyLTMyIDE0LjM1LTMyIDMyLTMyem0tMTEyIDBjMTcuNjUgMCAzMiAxNC4zNSAzMiAzMnMtMTQuMzUgMzItMzIgMzItMzItMTQuMzUtMzItMzIgMTQuMzUtMzIgMzItMzJ6IiBzdHJva2U9IiMwMDAiIHN0eWxlPSJmaWxsOiByZ2IoMCwgMCwgMCk7IHN0cm9rZTogcmdiKDAsIDAsIDApOyIvPjwvc3ZnPg==’) !important}.stk-78a0ab1 ul li:nth-child(1){list-style-image:url(‘data:image/svg+xml;base64,PHN2ZyBhcmlhLWhpZGRlbj0idHJ1ZSIgZm9jdXNhYmxlPSJmYWxzZSIgZGF0YS1wcmVmaXg9ImZhcyIgZGF0YS1pY29uPSJza3VsbC1jcm9zc2JvbmVzIiBjbGFzcz0ic3ZnLWlubGluZS0tZmEgZmEtc2t1bGwtY3Jvc3Nib25lcyBmYS13LTE0IiByb2xlPSJpbWciIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQ0OCA1MTIiIHN0eWxlPSJmaWxsOiAjMDAwICFpbXBvcnRhbnQ7IGNvbG9yOiAjMDAwICFpbXBvcnRhbnQ7dHJhbnNmb3JtOiByb3RhdGUoZGVnKSAhaW1wb3J0YW50OyI+PHBhdGggZmlsbD0iIzAwMCIgZD0iTTQzOS4xNSA0NTMuMDZMMjk3LjE3IDM4NGwxNDEuOTktNjkuMDZjNy45LTMuOTUgMTEuMTEtMTMuNTYgNy4xNS0yMS40Nkw0MzIgMjY0Ljg1Yy0zLjk1LTcuOS0xMy41Ni0xMS4xMS0yMS40Ny03LjE2TDIyNCAzNDguNDEgMzcuNDcgMjU3LjY5Yy03LjktMy45NS0xNy41MS0uNzUtMjEuNDcgNy4xNkwxLjY5IDI5My40OGMtMy45NSA3LjktLjc1IDE3LjUxIDcuMTUgMjEuNDZMMTUwLjgzIDM4NCA4Ljg1IDQ1My4wNmMtNy45IDMuOTUtMTEuMTEgMTMuNTYtNy4xNSAyMS40N2wxNC4zMSAyOC42M2MzLjk1IDcuOSAxMy41NiAxMS4xMSAyMS40NyA3LjE1TDIyNCA0MTkuNTlsMTg2LjUzIDkwLjcyYzcuOSAzLjk1IDE3LjUxLjc1IDIxLjQ3LTcuMTVsMTQuMzEtMjguNjNjMy45NS03LjkxLjc0LTE3LjUyLTcuMTYtMjEuNDd6TTE1MCAyMzcuMjhsLTUuNDggMjUuODdjLTIuNjcgMTIuNjIgNS40MiAyNC44NSAxNi40NSAyNC44NWgxMjYuMDhjMTEuMDMgMCAxOS4xMi0xMi4yMyAxNi40NS0yNC44NWwtNS41LTI1Ljg3YzQxLjc4LTIyLjQxIDcwLTYyLjc1IDcwLTEwOS4yOEMzNjggNTcuMzEgMzAzLjUzIDAgMjI0IDBTODAgNTcuMzEgODAgMTI4YzAgNDYuNTMgMjguMjIgODYuODcgNzAgMTA5LjI4ek0yODAgMTEyYzE3LjY1IDAgMzIgMTQuMzUgMzIgMzJzLTE0LjM1IDMyLTMyIDMyLTMyLTE0LjM1LTMyLTMyIDE0LjM1LTMyIDMyLTMyem0tMTEyIDBjMTcuNjUgMCAzMiAxNC4zNSAzMiAzMnMtMTQuMzUgMzItMzIgMzItMzItMTQuMzUtMzItMzIgMTQuMzUtMzIgMzItMzJ6IiBzdHJva2U9IiMwMDAiIHN0eWxlPSJmaWxsOiByZ2IoMCwgMCwgMCk7IHN0cm9rZTogcmdiKDAsIDAsIDApOyIvPjwvc3ZnPg==’) !important}.stk-78a0ab1 ul li:nth-child(3){list-style-image:url(‘data:image/svg+xml;base64,PHN2ZyBhcmlhLWhpZGRlbj0idHJ1ZSIgZm9jdXNhYmxlPSJmYWxzZSIgZGF0YS1wcmVmaXg9ImZhcyIgZGF0YS1pY29uPSJza3VsbC1jcm9zc2JvbmVzIiBjbGFzcz0ic3ZnLWlubGluZS0tZmEgZmEtc2t1bGwtY3Jvc3Nib25lcyBmYS13LTE0IiByb2xlPSJpbWciIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQ0OCA1MTIiIHN0eWxlPSJmaWxsOiAjMDAwICFpbXBvcnRhbnQ7IGNvbG9yOiAjMDAwICFpbXBvcnRhbnQ7dHJhbnNmb3JtOiByb3RhdGUoZGVnKSAhaW1wb3J0YW50OyI+PHBhdGggZmlsbD0iIzAwMCIgZD0iTTQzOS4xNSA0NTMuMDZMMjk3LjE3IDM4NGwxNDEuOTktNjkuMDZjNy45LTMuOTUgMTEuMTEtMTMuNTYgNy4xNS0yMS40Nkw0MzIgMjY0Ljg1Yy0zLjk1LTcuOS0xMy41Ni0xMS4xMS0yMS40Ny03LjE2TDIyNCAzNDguNDEgMzcuNDcgMjU3LjY5Yy03LjktMy45NS0xNy41MS0uNzUtMjEuNDcgNy4xNkwxLjY5IDI5My40OGMtMy45NSA3LjktLjc1IDE3LjUxIDcuMTUgMjEuNDZMMTUwLjgzIDM4NCA4Ljg1IDQ1My4wNmMtNy45IDMuOTUtMTEuMTEgMTMuNTYtNy4xNSAyMS40N2wxNC4zMSAyOC42M2MzLjk1IDcuOSAxMy41NiAxMS4xMSAyMS40NyA3LjE1TDIyNCA0MTkuNTlsMTg2LjUzIDkwLjcyYzcuOSAzLjk1IDE3LjUxLjc1IDIxLjQ3LTcuMTVsMTQuMzEtMjguNjNjMy45NS03LjkxLjc0LTE3LjUyLTcuMTYtMjEuNDd6TTE1MCAyMzcuMjhsLTUuNDggMjUuODdjLTIuNjcgMTIuNjIgNS40MiAyNC44NSAxNi40NSAyNC44NWgxMjYuMDhjMTEuMDMgMCAxOS4xMi0xMi4yMyAxNi40NS0yNC44NWwtNS41LTI1Ljg3YzQxLjc4LTIyLjQxIDcwLTYyLjc1IDcwLTEwOS4yOEMzNjggNTcuMzEgMzAzLjUzIDAgMjI0IDBTODAgNTcuMzEgODAgMTI4YzAgNDYuNTMgMjguMjIgODYuODcgNzAgMTA5LjI4ek0yODAgMTEyYzE3LjY1IDAgMzIgMTQuMzUgMzIgMzJzLTE0LjM1IDMyLTMyIDMyLTMyLTE0LjM1LTMyLTMyIDE0LjM1LTMyIDMyLTMyem0tMTEyIDBjMTcuNjUgMCAzMiAxNC4zNSAzMiAzMnMtMTQuMzUgMzItMzIgMzItMzItMTQuMzUtMzItMzIgMTQuMzUtMzIgMzItMzJ6IiBzdHJva2U9IiMwMDAiIHN0eWxlPSJmaWxsOiByZ2IoMCwgMCwgMCk7IHN0cm9rZTogcmdiKDAsIDAsIDApOyIvPjwvc3ZnPg==’) !important}.stk-78a0ab1 li{padding-inline-start:3px !important}.stk-78a0ab1 ul li{list-style-image:url(‘data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxOTAgMTkwIiBzdHlsZT0iZmlsbDogIzAwMCAhaW1wb3J0YW50OyBjb2xvcjogIzAwMCAhaW1wb3J0YW50O3RyYW5zZm9ybTogcm90YXRlKGRlZykgIWltcG9ydGFudDsiPjxwb2x5Z29uIHBvaW50cz0iMTczLjgsMjguNCA2MC40LDE0MS44IDE1LjcsOTcuMiA1LjEsMTA3LjggNjAuNCwxNjMgMTg0LjQsMzkgMTczLjgsMjguNCIgZmlsbD0iIzAwMCIgc3Ryb2tlPSIjMDAwIiBzdHlsZT0iZmlsbDogcmdiKDAsIDAsIDApOyBzdHJva2U6IHJnYigwLCAwLCAwKTsiLz48L3N2Zz4=’) !important}.stk-78a0ab1 li::marker{font-size:1.9em !important}@media screen and (max-width:1023px){.stk-78a0ab1 ul li,.stk-78a0ab1 ol li{font-size:16px !important}}Available for: macOS Big Sur and macOS MontereyImpact: A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.Description: The issue was addressed with improved bounds checks. .stk-8175363 .stk-block-heading__bottom-line{background-color:var(–stk-global-color-56583,#911d9c) !important}CVE-2023-28204, which could disclose sensitive information when processing web content .stk-91a792d{box-shadow:0 5px 5px 0 rgba(18,63,82,0.035) !important;padding-top:0px !important;padding-right:0px !important;padding-bottom:0px !important;padding-left:0px !important} .stk-fe8aeda{padding-top:8px !important;padding-right:32px !important;padding-bottom:8px !important;padding-left:32px !important} .stk-97ddc1d .stk-block-heading__text{font-size:17px !important}@media screen and (max-width:1023px){.stk-97ddc1d .stk-block-heading__text{font-size:17px !important}}CVE-2023-28204 .stk-f3fc9f0-container{padding-top:0px !important;padding-bottom:8px !important} .stk-531edd1 ul li,.stk-531edd1…iPhone users: Critical iOS 16.5 patch available, download now