iOS 16.5.1 is rolling out to users of supported iPhone models, bringing important fixes for zero-day security flaws that could allow an attacker to infect and install spyware on an iPhone via iMessage, according to details shared by a security firm. The latest update also resolves a bug introduced with the previous update that prevented charging with Apple's Lightning to USB 3 camera adapter accessory. The company has also released updates to iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2, with security and bug fixes.
Apple has fixed zero-day (previously unknown) vulnerabilities on iOS 15.7.77 and iOS 16.5.1 that relate to the operating system's kernel and the WebKit engine that powers its Safari browser. The kernel security flaw would allow attackers to install "Triangulation" spyware on an iPhone, according to details shared by security firm Kaspersky. Apple has credited Kaspersky's Georgy Kucherin, Leonid Bezvershenko, and Boris Larin as well as an unnamed researcher for discovering the vulnerabilities.
Today Apple released updates for CVE-2023-32434 (Kernel) and CVE-2023-32435 (WebKit) in-the-wild zero-days which were discovered by us (@kucher1n, @bzvr_ and yours truly) in the #iOSTriangulation attacks. Update your iOS/iPadOS/macOS/watchOS now! pic.twitter.com/w1HxJwq4GO
— Boris Larin (@oct0xor) June 21, 2023
The security firm explains that an attacker could send an iMessage with a malicious attachment to infect an iPhone that would remain in the device's RAM. If the device was rebooted or 30 days had elapsed, the spyware would be removed from memory. In order to reinfect the device, an attacker would have to send another maliciously crafted attachment via iMessage, according to Kaspersky. The company first revealed details of the security flaw earlier this month.
According to Apple, these security flaws have been fixed on iPhone and iPad with iOS 16.5.1, iOS 15.7.7, iPadOS 16.5.1 or iPadOS 15.7.7. Meanwhile, Mac owners can update to macOS 13.4.1, macOS 12.6.7 or macOS 11.7.8 to remain protected from the security flaw, while Apple Watch users will have to install the watchOS 9.5.2 or watchOS 8.8.1 updates.
Meanwhile, the iOS 16.5.1 update also comes with a fix for a bug introduced with the iOS 16.5 update that was rolled out last month. Updating to iOS 16.5.1 should restore the charging functionality of the Lightning to USB 3 camera adapter, that was accidentally removed with the previous update. Users can head over to the Settings app on their iPhone and tap on General > Software Update > Download and Install in order to download and install the latest software update.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.