Apple releases security update after discovering flaw that could allow hackers to take control of iPhones

If you’re using an iPhone, you’ll want to install the latest software update as soon as possible, as your device could be vulnerable to attacks.

Apple has rolled out iOS 16.4.1 to all compatible handsets, including the iPhone 8 and newer models.

The update fixes two vulnerabilities that appeared in the previous software, iOS 16.4, which was released late last month.

These were also apparent in older versions of Mac and iPad software, which is why Apple released macOS Ventura 13.3.1 and iPadOS 16.4.1 updates.

Both security flaws could have allowed hackers to infiltrate the device and “execute arbitrary code”, according to Apple.

Apple rolled out iOS 16.4.1 to all compatible handsets, including the iPhone 8 and newer models, on Friday. This fixes two vulnerabilities that appeared in the previous software, iOS 16.4, which was released late last month.

This means they could run any code they wanted on a targeted device without the knowledge of the owner.

WHICH DEVICES ARE VULNERABLE?

iPhone 8 and newer

iPad Pro (all models)

iPad Air 3rd generation and newer

iPad 5th generation and newer

iPad mini 5th generation and newer

Macs running macOS Ventura (all)

This code could give them access to private data, allow them to control device functionality and allow them to install malware.

It could even allow them to take control of other devices connected to the network, or the Internet, to which the original was connected.

The vulnerabilities, called CVE-2023-28206 and CVE-2023-28205, are known as zero-day flaws, meaning they were unknown to Apple when the software was deployed.

It also means that devices running this software were vulnerable to attacks, as the tech giant had not yet released a patch or security update to fix the flaws.

Apple said it was aware that CVE-2023-28206 and CVE-2023-28205 “may have been actively exploited” before the release of iOS 16.4.1, macOS Ventura 13.3.1 and iPadOS 16.4.1.

CVE-2023-28206 was an “out of bounds write issue” in IOSurfaceAccelerator, part of the software that handles pixel data.

This means that a program could write data beyond the end of the memory area set aside for it, so the data ends up in the wrong place, which can cause problems.

The flaws were discovered by Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International's Security Lab.

CVE-2023-28205 was a “use after free issue” in the WebKit web browser engine.

This means that a program tries to use or access memory that it once used to store something, but that has already been freed.

HOW TO UPDATE

  1. Apple has now released iOS 16.4.1, promising to fix the two security flaws, CVE-2023-28206 and CVE-2023-28205.
  2. To get the update, go to Settings > General.
  3. Tap Software Update.
  4. Then tap Download and Install for iOS 16.4.1.

According to BleepingComputer, these search groups are typically used by Apple to search for government-sponsored threat actors.

Therefore, these were only likely to be exploited in the case of “highly targeted attacks” against politicians, journalists and high-risk individuals.

Both of these issues are fixed with the iOS 16.4.1 update, along with bugs that caused Siri to stop responding to commands and prevented skin tone variation options for the pushing hands emoji.

The previous software update, iOS 16.4, brought a range of new features, including the addition of 21 new emoji to the keyboard.

This includes the highly anticipated pink heart icon, as well as a shaking face (“I’m Shaken”), a moose, a ginger stalk, the Wi-Fi symbol, and a pair of maracas.

Apple software updates aren’t always straightforward, which is why some users are hesitant to install them when offered.

Some of those who have updated to iOS 16.4 have complained that a system bug is quickly draining their device’s battery life.

Last week, iPhone users around the world were unable to access live forecasts on the Apple Weather app, which some have also linked to their new operating system.

Is your iPhone affected? Apple removes support for several services

If you’re the proud owner of a retro iPhone that’s over a decade old, you may soon be forced to embark on an upgrade.

This is because Apple is removing support for several online services, such as the App Store, Siri, and Maps, on devices running an operating system from iOS 11 to iOS 11.2.6.

So if you own a handset that can’t at least upgrade to iOS 11.3, it will be largely deprecated from May 2023.

Although Apple has been known to stop providing bug and security updates to older operating systems, this will be the first time it has actively reduced their functionality.
