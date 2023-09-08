Apple has recently released iOS 16.6.1, an update focused on fixing security vulnerabilities that have been actively exploited. This update comes ahead of Apple’s special event on September 12, where the date for the release of iOS 17 is expected to be announced.

The iOS 16.6.1 update addresses two vulnerabilities that pose significant risks to iPhone users. The first vulnerability is found in the ImageIO framework, which could potentially allow attackers to execute arbitrary code through the manipulation of a specially crafted image. The second vulnerability is located in Wallet and could similarly enable attackers to execute arbitrary code by opening a malicious attachment.

It is crucial for iPhone users to promptly install the iOS 16.6.1 update to protect their devices from these security risks. Failing to do so could leave their iPhones vulnerable to potential attacks.

According to a report by TechCrunch, Citizen Lab, a research group focusing on government malware, discovered an actively exploited zero-click vulnerability connected to NSO Group’s Pegasus spyware. Pegasus is a notorious spyware tool allegedly used by numerous governments worldwide to target various individuals, including civil society activists, journalists, and opposition members.

The exploit chain associated with this vulnerability allowed attackers to compromise iPhones running the latest version of iOS, with no interaction required from the victim. In response to this discovery, Apple acknowledged the Citizen Lab’s assistance in identifying the vulnerabilities and thanked them for their support.

While the iOS 16.6.1 update does not introduce any new features, it is essential to keep devices up to date to mitigate security risks. Users can install the update by navigating to Settings > General > Software Update on their iPhones or iPads.

Source: TechCrunch, Citizen Lab

famaritana:

– iOS: Apple’s mobile operating system used on iPhone and iPad devices.

– Vulnerability: A flaw or weakness in a system that can be exploited to compromise its security.

– Zero-click vulnerability: A vulnerability that allows an attacker to compromise a device without any interaction or input from the victim.

– NSO Group: A company known for developing surveillance software, including the Pegasus spyware.

– Pegasus spyware: A powerful surveillance tool that can remotely take control of a target device, often used for targeted attacks against individuals.

– Exploit chain: A series of vulnerabilities and techniques used in combination to achieve an unauthorized or malicious outcome.