Apple has released important security updates to iOS 16.4.1 and iPadOS 16.4.1, designed to address two critical zero-day vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that have already been exploited in the wild. These vulnerabilities affect IOSurfaceAccelerator and WebKit, allowing arbitrary code execution on iPhone and iPad, and a sophisticated attack chain targeting the latest iPhone devices. Apple acknowledged active exploitation of these vulnerabilities, the IOSurfaceAccelerator vulnerability was fixed with improved input validation, and the WebKit vulnerability was addressed with improved memory management. Users need to update their devices to iOS 16.4.1 and iPadOS 16.4.1 as soon as possible to protect the security of their devices.