It is widely expected that Apple will announce the date of iOS 17 roll out on September 12 at its special event. Ahead of the announcement, Apple has released iOS 16.6.1, an update that brings security fixes for two vulnerabilities that have been actively exploited. In the release notes, Apple has acknowledged that it is aware of reports that both of these vulnerabilities have been actively exploited.
What vulnerabilities were found
The first vulnerability is in the ImageIO framework, which could allow an attacker to execute arbitrary code by processing a maliciously crafted image. The second vulnerability is in Wallet, which could allow an attacker to execute arbitrary code by opening a maliciously crafted attachment.
It is important to install the iOS 16.6.1 update as soon as possible to protect your iPhone from these security risks.
A report by TechCrunch says that Citizen Lab — a research group that looks into government malware — found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware. Pegasus is a spyware that has been allegedly used by many governments across the world to target civil society activists, journalists, members of the opposition among others.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” noted Citizen Lab in a blog post.
As always, Apple does acknowledge the researchers that point out security flaws and vulnerabilities. “We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance,” Apple security updates page notes.
The iOS 16.6.1 update is available now for all eligible iPhones and iPads. To install the update, go to Settings > General > Software Update.
Apple has not released any new features in iOS 16.6.1. The next major update to iOS is expected to be iOS 17, which as mentioned above, should be sometime in September.
What vulnerabilities were found
The first vulnerability is in the ImageIO framework, which could allow an attacker to execute arbitrary code by processing a maliciously crafted image. The second vulnerability is in Wallet, which could allow an attacker to execute arbitrary code by opening a maliciously crafted attachment.
It is important to install the iOS 16.6.1 update as soon as possible to protect your iPhone from these security risks.
A report by TechCrunch says that Citizen Lab — a research group that looks into government malware — found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware. Pegasus is a spyware that has been allegedly used by many governments across the world to target civil society activists, journalists, members of the opposition among others.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” noted Citizen Lab in a blog post.
As always, Apple does acknowledge the researchers that point out security flaws and vulnerabilities. “We would like to acknowledge The Citizen Lab at The University of Torontoʼs Munk School for their assistance,” Apple security updates page notes.
The iOS 16.6.1 update is available now for all eligible iPhones and iPads. To install the update, go to Settings > General > Software Update.
Apple has not released any new features in iOS 16.6.1. The next major update to iOS is expected to be iOS 17, which as mentioned above, should be sometime in September.