Whereas we’re all eagerly anticipating the thrilling options coming in iOS 17, Apple hasn’t forgotten that a lot of the world remains to be utilizing iOS 16. The corporate already has beta variations of iOS 16.6 making the rounds, however within the meantime, it’s simply launched a important safety patch for iOS 16.5.
This comes within the type of iOS 16.5.1, a “sub-point” launch meant to repair bugs in iOS 16.5 and shut the door on any potential safety vulnerabilities.
This newest minor launch lands somewhat over a month after iOS 16.5 got here out and means that Apple discovered just a few issues that wanted to be mounted that couldn’t look forward to iOS 16.6, which is probably going nonetheless at the very least just a few weeks away.
The brand new launch resolves a bug we got here throughout final month that prevented Apple’s Lighting to USB 3 Digital camera Adapter from working with equipment that require extra energy than the iPhone is ready to present by means of its personal Lightning port. One thing in iOS 16.5 appeared to forestall the iPhone from recognizing an exterior energy supply linked to the adapter. This has now been mounted in iOS 16.5.1.
Nevertheless, what’s much more important is that, as with most up-to-date iOS updates, iOS 16.5.1 patches two extra probably critical safety flaws.
Researchers at Kaspersky found a kernel vulnerability in iOS 16.5, and sure prior variations, that might permit an app to “execute arbitrary code with [system-level] kernel privileges.” One other subject reported to Apple by an nameless researcher might “result in arbitrary code execution” because of “processing maliciously crafted internet content material.”
Sadly, these aren’t merely theoretical exploits. Apple notes that each of those points “could have been actively exploited,” which suggests they’re already within the fingers of hackers and cybercriminals. The most effective-case situation is that they’re getting used solely by industrial-grade spy ware akin to Pegasus and Predator, which most of us will probably by no means develop into targets of, however Apple doesn’t get that particular.
In an uncommon twist, Apple does notice that the kernel vulnerability could have solely been actively exploited towards variations of iOS launched earlier than iOS 15.7, however that doesn’t change the truth that the flaw nonetheless exists in iOS 16.5, that means it may very well be used to focus on more moderen variations.
Nevertheless, since meaning these vulnerabilities additionally existed in iOS 15, Apple has launched iOS 15.7.7 to offer safety fixes for the unique iPhone SE, iPhone 6s, and iPhone 7 lineups, which may’t be upgraded to iOS 16, together with iPadOS 15.7.7 for the iPad Air 2, iPad mini 4, and iPod contact.
There are additionally corresponding updates for the Apple Watch and Mac, overlaying present fashions with watchOS 9.5.2 and macOS Ventura 13.4.1, plus watchOS 8.8.1, macOS Monterey 12.6.7, and macOS Huge Sur 11.7.8 for older Apple Watches and Macs that may’t run the most recent working programs.
The macOS Ventura 13.4 replace addresses the identical kernel and webkit flaws as iOS 16.5.1; nevertheless, each of the watchOS updates and the older macOS Monterey and Huge Sur releases solely tackle the kernel flaw, suggesting the WebKit vulnerability didn’t exist in these older variations.