Apple has published iOS 16.6.1 integrated update, which includes crucial security updates for two actively exploited vulnerabilities in the ImageIO framework and Wallet.
According to Citizen Lab, these flaws allowed attackers to execute arbitrary code through infected pictures or attachments.
Notably, the California-based tech behemoth recognizes the study and asks users to upgrade as soon as possible, despite the fact that iOS 17 is slated to be released on September 12 without bringing new features in latest iOS .
Apple rolls out iOS 16.6.1, here’s why iPhone users need to update ‘urgently’
The original flaw is in the ImageIO framework, which might lead to arbitrary code execution while processing a maliciously created picture.
When opening a maliciously constructed attachment, the second vulnerability in Wallet creates a similar danger of arbitrary code execution.
To protect your iPhone from these security flaws, you must apply the iOS 16.6.1integrated update as soon as possible.
What vulnerabilities were found
According to a TechCrunch story, Citizen Lab, a government malware research outfit, has discovered an actively exploited zero-click vulnerability being used to disseminate the NSO Group’s Pegasus spyware.
🚨UPDATE APPLE DEVICES ASAP – PHONES, IPADS, COMPUTERS, WATCHES🚨@citizenlab found an Apple exploit used in the wild that can compromise to watch/see/hear/spy thru Apple devices.
Exploit doesn’t require you to click, attacker just sends it via iMessage.https://t.co/ggiDBtOCDg— Rachel Tobac (@RachelTobac) September 7, 2023
Pegasus has reportedly been used by numerous countries throughout the world to target individuals such as civil society activists, journalists, and opposition members.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without requiring any interaction from the victim,” Citizen Lab wrote in a blog post.
Apple expressed gratitude for the work of security researchers who alerted them to security problems and vulnerabilities. The Citizen Lab at The University of Toronto’s Munk School was commended on the Apple security updates website.
All eligible iPhones and iPads may now download the iOS 16.6.1 upgrade.
To begin installing this update, go to Settings > General > Software Update. It should be noted that iOS 16.6.1 does not include any new functionality. As previously stated, the next major upgrade, iOS 17, is expected to be delivered in September.
Apple security updates
About Apple security updates
ImageIO
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School
Wallet
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A validation issue was addressed with improved logic.
CVE-2023-41061: Apple
Other Method to Update
There are other steps you can take to stay secure. In addition to updating to iOS 16.6.1 integrated , those who think they might be a target can check their device for compromise using a tool such as iVerify. Apple’s Lockdown Mode is also a good idea if your iPhone is at greater risk of attack—but be warned, it does make your device almost unusable.
Wright also warns that the Wallet vulnerability fixed in iOS 16.6.1 is present in Apple Watch—and the ImageIO issue is fixed in a new Mac update, so check and upgrade all your Apple devices.
The iOS 16.6.1 upgrade is available for the iPhone 8 and later, iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
If you want to stay secure, you’ll need to upgrade to iOS 16.6.1 manually—even if you have enabled automatic Apple updates, they roll out to iPhones in a gradual process. Go to your iPhone Settings > General > Software Update and download and install iOS 16.6.1 as soon as possible.
Read Also – The Apple Pencil: Is It Right for You?
