According to Apple's official website, important security updates for iOS 16.4.1 and iPadOS 16.4.1 were released to address two critical zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that have been exploited in the wild.

These vulnerabilities affect IOSurfaceAccelerator and WebKit, can be used to execute arbitrary code on iPhone and iPad, and the complex attack chain targets the latest iPhone devices. Apple has acknowledged the active exploitation of these vulnerabilities. The IOSurfaceAccelerator vulnerability has been fixed by improving input validation, while the WebKit vulnerability has been addressed by improving memory management. Users need to update their devices to iOS 16.4.1 and iPadOS 16.4.1 as soon as possible to protect the security of their devices.