Apple has recently unveiled the latest operating system (OS) updates, iOS 16.5.1 and iPadOS 16.5.1. While these updates do not introduce new features, they serve the crucial purpose of patching potentially harmful vulnerabilities.
The primary focus of these updates, as stated by Apple, is to address significant security issues. It is strongly advised that all iPhone and iPad users promptly install these updates to ensure the safety of their devices and personal information.
One of the critical security flaws resolved in these updates allowed criminals to execute arbitrary code with kernel privileges. Notably, this issue affected devices running iOS versions earlier than iOS 15.7.
Moreover, a vulnerability in WebKit allowed the execution of arbitrary code, presenting an additional concern. Apple has classified this security issue as actively exploited, underscoring the urgency for users to update their devices immediately.
In addition to the vital security patches, the iOS 16.5.1 and iPadOS 16.5.1 updates also resolve an issue related to the functionality of the Lightning to USB 3 Camera Adapter.
For iPhone and iPad users, these updates are compatible with iPhone 8 or later models, all iPad Pro iterations, iPad Air 3rd generation and later, iPad 5th generation and above, as well as iPad mini 5th generation and above. This information has been compiled from reliable sources, including 9to5Mac, by KompasTekno.
Kaspersky Discovers Loopholes in iOS Security
Kaspersky, a renowned cybersecurity company, made significant findings regarding security vulnerabilities in iOS versions prior to iOS 15.7. The research team consisting of Georgy Kucherin, Leonid Bezvershenko, and Boris Larin detected a security flaw that exposed iPhones to potential risks.
According to Kaspersky’s report published earlier this June, the attack, known as “Operation Triangulation,” had been active since 2019. Exploiting a vulnerability within the iOS operating system, attackers could gain control over the victim’s device.
This particular attack utilized a zero-click exploit, executed through the iMessage service. Upon receiving a message with a malicious attachment, the victim’s device would become susceptible to the attack. Remarkably, the victim’s interaction with the message, such as opening it or checking attachments, was irrelevant to the exploitation process.
Furthermore, the attack incorporated multiple vulnerabilities, providing hackers with extended access to the compromised devices. This comprehensive approach significantly amplifies the threat posed by this malware.
Although the malware’s lifespan is relatively short, being eradicated upon rebooting the iPhone, Kaspersky researchers discovered instances where the same attack persisted despite device restarts.
Subsequent research by Kaspersky, culminating in a report published on June 21, 2023, shed further light on the attack’s mechanics.
According to the new report, malicious attachments sent via iMessage are automatically deleted upon device boot-up. Consequently, attackers are required to resend the malicious message for subsequent attacks.
However, if the user refrains from rebooting the device, malicious attachments sent via iMessage are claimed to self-delete after a period of 30 days, unless extended by the attacker.
Kaspersky researchers stated, “If the victim reboots the device, the attacker must re-infect it by sending the iMessage as well as the malicious attachment, thus setting off another attack. If no reboot occurs, the attachment will delete itself after 30 days, unless the period is extended by the attacker.”
In conclusion, the recent release of iOS 16.5.1 and iPadOS 16.5.1 by Apple serves as a crucial security measure. By addressing significant vulnerabilities, these updates safeguard the privacy and integrity of iPhone and iPad users’ devices. It is strongly recommended that all users promptly install the updates to protect against potential threats and ensure a safe digital experience.