
Apple’s new iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 updates fix two dangerous vulnerabilities that have been exploited in the wild.

The company launched the new software updates on September 7, 2023, with no new user-facing features. Release notes are somewhat cryptic, saying the update “provides important security fixes and is recommended for all users.”
The company maintains a webpage listing Apple security releases, with detailed information about the included fixes. The updates dropped a few days ahead of the September 12 “Wonderlust” iPhone 15 presentation, when Apple is expected to reveal the iOS 17 release date.
How to install iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2
You can install iOS 16.6.1 and iPadOS 16.6.1 by going to Settings > General > Software Update.
To install watchOS 9.6.2, go to Settings > General > Software Update on your watch or open the companion Watch app on your iPhone, hit the My Watch tab and choose General > Software Update.
To install macOS Ventura 13.5.2, click the Apple menu, choose System Settings, select General in the sidebar and then Software Update on the right.
You can check the build number of your installed operating system version by going to Settings > General > About > iOS Version. The build number is shown in parentheses after the iOS version number.
To do the same on your Apple Watch, open the Watch app on your paired iPhone, hit the My Watch tab and go to General > About > Version.
On your Mac, navigate to System Settings > General > About and find the version and build number displayed in the macOS section.
What’s new in iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2?
The following support documents detail security fixes included in the updates:
iOS 16.6.1, iPadOS 16.6.1 and macOS Ventura 13.5.2 patch a vulnerability found in Apple’s Image I/O framework that apps use to read and write most image file formats. The bug allowed an attacker to pass a maliciously crafted image to Image I/O in the hope of executing rogue code. This is due to a buffer overflow issue addressed with improved memory handling.
Apple confirms that it’s aware of a report that this issue may have been actively exploited in the wild. This has been the source of other dangerous exploits in the past, including one that permitted an attacker to gain control over a user’s device by sending a maliciously crafted image over iMessage.
iOS 16.6.1, iPadOS 16.6.1 and watchOS 9.6.2 also patch a buffer overflow bug found in the stock Wallet app on the iPhone, iPad and Apple Watch. It could be exploited to let an attacker execute arbitrary code through a maliciously crafted attachment. This vulnerability, too, may have been actively exploited.