Apple has released iOS 16.7.1 for those using iPhone 14 and below, who have haven’t yet upgraded to iOS 17. The update patches a kernel vulnerability that has been exploited in attacks
The flaw, tracked as CVE-2023-42824, has been described as a local privilege escalation issue, which suggests it has been used as part of an exploit chain.Â
Apple  first warned customers about CVE-2023-42824 and its active exploitation on October 4, when it announced a patch with the release of iOS 17.0.3.Â
Apple  noted at the time that exploitation had been seen against devices running iOS versions prior to 16.6. It has now released iOS 16.7.1 and iPadOS 16.7.1 to deliver the patches to devices that have not been updated to version iOS 17.Â
Security Fixes
Kernel
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.
Description: The issue was addressed with improved checks.
WebRTC
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed by updating to libvpx 1.13.1.
Supported Devices
- iPhone 14
- iPhone 14 Plus
- iPhone 14 Pro
- iPhone 14 Pro Max
- iPhone 13
- iPhone 13 mini
- iPhone 13 Pro
- iPhone 13 Pro Max
- iPhone 12
- iPhone 12 mini
- iPhone 12 Pro
- iPhone 12 Pro Max
- iPhone 11
- iPhone 11 Pro
- iPhone 11 Pro Max
- iPhone Xs
- iPhone XS Max
- iPhone XR
- iPhone X
- iPhone 8
- iPhone 8 Plus
- iPhone SE (2nd generation or later)
As normal, to update to iOS 16.7.1 go to your iPhone Settings > General > Software Update and install iOS 16.7.1 as soon as you possibly can.