Apple today has released iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS 13.5.2 firmware updates respectively for its iPhone, iPad, Watch and Mac devices. Users are advised to download them as soon as possible, as they are noted by the company to contain important security fixes to address several critical vulnerabilities.
According to Apple via its support page, an exploit on iOS, iPadOS and macOS has been discovered where processing a maliciously crafted image could lead to arbitrary code execution, allowing a bad actor to gain access to the operating system by forwarding unsuspecting users with a seemingly harmless picture. According to University of Toronto’s Citizen Lab, the vulnerabilities are part of a BLASTPASS exploit chain that’s claimed to be used for delivering NSO Group’s infamous Pegasus spyware to devices. In the aforementioned patches, the company has managed to resolve this vulnerability by fixing the ImageIO process by addressing a buffer overflow issue to improve memory handling.
Meanwhile, a separate exploit is found on iOS, iPadOS and watchOS which grants hackers entry via a malicious attachment in the Wallet app. Apple notes that this issue may have been actively taken advantage of by bad actors. According to the company’s support page, this particular vulnerability has been addressed in today’s update by tweaking the app’s validation with improved logic.
The iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS 13.5.2 firmware updates are available now by accessing the Software Update tab under the General category in the Settings app. Apple notes that the aforementioned patches are only available for iPhone models from iPhone 8 and later, all iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, iPad 5th generation and later, Apple Watch Series 4 and later, as well as all Mac devices that are running on macOS Ventura.
(Source: Apple support page [1] [2] [3] [4])
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.