Apple has rolled out iOS 16.6.1, addressing two actively exploited vulnerabilities that posed significant security risks. The vulnerabilities were reported by Citizen Lab and could allow attackers to execute arbitrary code through malicious images or attachments.
The first vulnerability was found in the ImageIO framework, which, if exploited, could lead to arbitrary code execution when processing a maliciously crafted image. The second vulnerability was identified in the Wallet app, creating a similar risk when opening a maliciously crafted attachment.
Apple has urged users to update their devices promptly to protect against these security threats. iOS 17 is also on the horizon, with an expected announcement on September 12. However, iOS 16.6.1 does not introduce new features.
Citizen Lab, known for its government malware research, discovered an actively exploited zero-click vulnerability linked to the distribution of the Pegasus spyware by NSO Group. Pegasus has allegedly been used by various governments to target activists, journalists, and opposition members worldwide.
Apple expressed appreciation for the efforts of security researchers and credited The Citizen Lab at the University of Toronto for their assistance. The iOS 16.6.1 update is available for all eligible iPhones and iPads. To install it, navigate to Settings > General > Software Update. Stay vigilant and keep your devices up to date to ensure your security.