iOS 16.4.1 and macOS 13.3.1 fix two security vulnerabilities.

iOS and iPadOS updates do not add any new features. Their main goal is to address two separate major security vulnerabilities, and the release notes include two major fixes.

Apple details the bug fixes as follows:

• Pushing hands emoji not showing skin tone variation
• Siri not responding in some cases

Some users are openly complaining about the Siri bug, and Apple says this shouldn’t be a problem anymore. In terms of security updates, Apple says both vulnerabilities opened the door to arbitrary code execution, and both were reported to have been heavily exploited. The company’s security notes say:

IOSurfaceAccelerator

Impact. An application can execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description. An out-of-bounds write issue was addressed with improved input validation.

webkit

Impact. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description. An after-free use issue was addressed with improved memory management.

The macOS update fixes the same security vulnerabilities and also fixes the same emoji skin tones bug. But it also fixes a bug that affected the feature that allows you to unlock your Mac with your Apple Watch.

These updates come just 10 days after Apple released iOS 16.4 and macOS Ventura 13.3. These major updates added new emojis, introduced enhanced accessibility features, and fixed several bugs.

Apple is expected to release at least one more major update to iOS 16, dubbed iOS 16.5, before iOS 17 is unveiled this fall. The company will detail the features coming to iOS 17 and macOS 14 at the Global developer conference starting June 5th.