Apple has released iOS 16.6.1 and iPadOS 16.6.1, fixing two extremely dangerous security flaws in its mobile operating systems.
One fix addresses an issue in which “processing a maliciously crafted image may lead to arbitrary code execution.” Apple says it’s aware of a report that this issue, which affects all newer iPhones and iPads, may have been actively exploited in the wild, which makes it the worst kind of security flaw.
The bug was found by the University of Toronto’s Munk School security research facility Citizen Lab, which shared some more info on how it works and who’s affected. Apparently, this exploit (which Citizen Lab named the Blastpass Exploit Chain) was capable of compromising iPhones running the latest version of iOS (16.6). Worse, it could do this without any interaction from the victim.
The flaw was found while checking the device owned by a person employed by a civil society organization based in Washington DC. On their device, the vulnerability was used to deliver the notorious Pegasus spyware.
The new iOS 16.6.1 patch fixes another critical bug, which also may have been actively exploited. It affects newer iPhones and iPads, and it also meant a hacker could take over someone’s phone by sending them a maliciously crafted attachment.
You can (and should) update your devices now by going to Settings – General – Software Update.