Apple has released iOS 16.5.1, bringing fixes for two serious security flaws already being used in real-life iPhone attacks.
iOS 16.5.1 fixes an issue in the Kernel that could allow an attacker to execute code with Kernel privileges.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” the company said.
The second issue fixed in iOS 16.5.1 is a flaw in WebKit, the engine that underpins Apple’s Safari browser, which could enable an attacker to execute code via malicious web content.
Apple said it is “aware of a report that this issue may have been actively exploited.”
iOS 16.5.1 also fixes an issue that prevents charging with the Lightning to USB 3 Camera Adaptor.
It is unclear at the time of publishing why this upgrade was not released as a Rapid Security Response Update, opposed to a point upgrade. Needless to say due to the severity of these vulnerabilities, it is extremely important you update to iOS 16.5.1 as soon as you can.
iOS 16.5.1 Security Fixes
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Description: An integer overflow was addressed with improved input validation.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A type confusion issue was addressed with improved checks.
iOS 16.5.1 Supported Devices
iOS 16.5 will run on all iPhones from iPhone 8 onwards. To be exact:
iPhone 14 Plus
iPhone 14 Pro
iPhone 14 Pro Max
iPhone 13 mini
iPhone 13 Pro
iPhone 13 Pro Max
iPhone 12 mini
iPhone 12 Pro
iPhone 12 Pro Max
iPhone 11 Pro
iPhone 11 Pro Max
iPhone XS Max
iPhone 8 Plus
iPhone SE (2nd generation or later)
As normal, to update to iOS 16.5.1, go to your iPhone Settings > General > Software Update and install iOS 16.5.1 when you can.