Apple on Wednesday released an update to devices using the latest version of iOS that fixes two serious security flaws that are
reportedly being used in hacks that are currently targeting iPhones and iPads.
According to a support page released by Apple, iOS 16.5.1 fixes an issue in the kernel, tracked with the code CVE-2023-32434, that could enable an attacker to execute code with kernel-level privileges. Like in previous security updates, Apple did not release more information about the fix.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” the company
said.
Two tech websites
reported that the flaw that was
exploited may be tied to the so-called “Operation Triangulation” campaign that targeted Apple’s iMessage to deliver malicious code before transmitting recordings, photos, and geolocation data from devices. One of the sites, The Hacker News,
described it as a “zero-day” exploit, which means that the flaw is likely being exploited out in the wild.
The other serious issue that was fixed in the update is a flaw in WebKit, which is the engine that is used by the Apple Safari browser. That problem would allow an attacker to execute code via web content, and Apple said it is “aware of a report” that the flaw could be “actively exploited.”
On Wednesday, Apple released eight updates, including iOS 16.5.1 and iPadOS 16.5.1. They also include iOS 15.7.7 and iPadOS 15.7.7; macOS Ventura 13.4.1, macOS Monterey 12.6.7, and macOS Big Sur 11.7.8; and watchOS 9.5.2 and watchOS 8.8.1, which,
according to MacWorld, covers a decade’s worth of Apple devices going back until 2013.
“For the protection of our customers, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. This document lists recent releases,” Apple said.
The iOS 16.5.1 release also includes a fix for a problem that prevented charging a device with the Lightning to USB 3 Camera Adapter, according to Apple’s notes.
“This update provides important security fixes and is recommended for all users,”
said the Cupertino, California-based tech giant. “It also fixes and [sic] issue that prevents charging with the Lightning to USB 3 Camera adapter.”
Security researcher Sean Wright
told Forbes magazine that the errors patched in iOS 16.5.1 are “pretty severe,” while saying the vulnerabilities “could be chained together to allow a remote attacker potentially full control over a compromised device.” He and Forbes recommended users to update their devices as soon as possible.
In order to download the update, go to Settings, General, and Software Update. Users then should tap Download & Install before following the on-screen instructions to download and execute the update.
On a Mac laptop or desktop computer, users can apply the latest update by going System Settings, and by clicking on Software Update.
