Apple has released iOS 16.1 and it includes a warning to update now because the iPhone update fixes 20 security issues, one of which is already being used in attacks.
Apple isn’t sharing many details about what’s been fixed in iOS 16.1, to prevent more adversaries from getting hold of the information they need to launch attacks. The already exploited security issue applied to iOS 16.1 is in the core, at the heart of the iPhone operating system.
Tracked as CVE-2022-42827, the vulnerability could allow an attacker to execute code with kernel privileges via an application. “Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker’s support page says.
Other iPhone flaws fixed in iOS 16.1 include two more kernel issues, one of which can be remotely exploited. Among the other vulnerabilities fixed in iOS 16.1 are several flaws in WebKit, the engine that powers Apple’s Safari browser.
iOS 16.1 is the first major update since iOS 16 and comes two weeks after the last security update iOS 16.0.3, which fixed a vulnerability.
When Apple released iOS 16, it also updated iOS 15.7 with security fixes for those who want to wait to upgrade to the latest and greatest operating system. At the time of writing, there is no iOS 15.7.1 to fix the same flaws fixed in iOS 16.1.
What is known about the iPhone security issue, CVE-2022-42827?
I always suggest applying major iPhone updates immediately, and iOS 16.1 is no exception, as CVE-2022-42827 is used in real-life attacks. Yes, they are likely to be targeted at a small number of people, like the Pegasus spyware attacks, but with limited details available, the only way to be sure is to update.
Apple has not said which cybercrime group or spyware company is abusing this bug, writes Paul Ducklin, a researcher at security firm Sophos. However, he warns: “Given the high price that the zero-day working iPhone commands in the cyber-underworld, we assume that whoever is in possession of this exploit. [a] knows how to make it work effectively and [b] They are unlikely to draw attention to this themselves, in order to keep existing victims in the dark as much as possible.”
The iOS 16.1 update fixes some high-severity issues that would allow an attacker to gain full access to the device, independent security researcher Sean Wright says. It says an attacker would have to “chain the kernel-level vulnerabilities with some of the other flaws to allow a malicious application to exploit them.”
This could be done remotely using one of WebKit’s vulnerabilities, Wright adds.
While attacks using iOS 16.1 flaws are likely to target a small subset, some of these vulnerabilities could be more common, Wrights says, adding that you should update “when you can.”
Apple has released iOS 16.1 along with a warning to update now, because it fixes the security of an iPhone… [+] flaw that is already used in real-life attacks.
Apple iPhone
Update to iOS 16.1 to keep your iPhone secure
It’s always a good idea to keep your iPhone updated, especially when security flaws are used in real-life attacks. It’s especially relevant to upgrade to iOS 16.1 now if you’re a heavy-duty or business user.
If you have an iPad, Apple just released iPadOS 16, which fixes the same set of security issues as iOS 16.1.
You know what to do: Go to Settings > General > Software Update and update to iOS 16.1 to keep your iPhone secure.