Apple recently rolled out a critical update, iOS 16.6.1, and it’s strongly recommended that all iPhone users promptly install it.
This update addresses two significant vulnerabilities that are already being exploited in real-world scenarios.
The urgency of this update cannot be overstated. Apple has chosen not to disclose the exact details of what iOS 16.6.1 addresses, likely to provide users ample time to update before potential attackers can exploit these vulnerabilities further.
However, it’s worth noting that these vulnerabilities have been used to deliver spyware without requiring any user interaction.
The first vulnerability, known as CVE-2023-41064, is located in ImageIO and allows attackers to execute malicious code through a specially crafted image.
The second vulnerability, CVE-2023-41061, is found in Apple’s Wallet and also allows for code execution through a malicious attachment. Apple has acknowledged that both of these issues may have already been actively exploited.
These vulnerabilities have been exploited to deliver spyware such as Pegasus, which grants attackers full access to your iPhone, including encrypted apps like WhatsApp.
Security firm Citizen Lab has reported that these flaws were used to deliver NSO Group’s Pegasus spyware in an active attack.
Timing of the Update
Interestingly, this emergency update coincides with Apple’s preparations for the release of iOS 17. This suggests that Apple considered these vulnerabilities too critical to wait for the next major update.
Given the seriousness of these vulnerabilities, it’s imperative to update to iOS 16.6.1 as soon as possible. To manually update, navigate to iPhone Settings > General > Software Update and download and install iOS 16.6.1.