Apple has fixed zero-day vulnerabilities that could be used by attackers to infect an iPhone via an iMessage exploit, according to a security firm.
Apple has rolled out important security fixes for iOS 16.5.1 and iOS 15.7.7
iOS 16.5.1 is rolling out to users of supported iPhone models, bringing important fixes for zero-day security flaws that could allow an attacker to infect and install spyware on an iPhone via iMessage, according to details shared by a security firm. The latest update also resolves a bug introduced with the previous update that prevented charging with Apple's Lightning to USB 3 camera adapter accessory. The company has also released updates to iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2, with security and bug fixes.
Apple has fixed zero-day (previously unknown) vulnerabilities on iOS 15.7.77 and iOS 16.5.1 that relate to the operating system's kernel and the WebKit engine that powers its Safari browser. The kernel security flaw would allow attackers to install "Triangulation" spyware on an iPhone, according to details shared by security firm Kaspersky. Apple has credited Kaspersky's Georgy Kucherin, Leonid Bezvershenko, and Boris Larin as well as an unnamed researcher for discovering the vulnerabilities.
The security firm explains that an attacker could send an iMessage with a malicious attachment to infect an iPhone that would remain in the device's RAM. If the device was rebooted or 30 days had elapsed, the spyware would be removed from memory. In order to reinfect the device, an attacker would have to send another maliciously crafted attachment via iMessage, according to Kaspersky. The company first revealed details of the security flaw earlier this month.
According to Apple, these security flaws have been fixed on iPhone and iPad with iOS 16.5.1, iOS 15.7.7, iPadOS 16.5.1 or iPadOS 15.7.7. Meanwhile, Mac owners can update to macOS 13.4.1, macOS 12.6.7 or macOS 11.7.8 to remain protected from the security flaw, while Apple Watch users will have to install the watchOS 9.5.2 or watchOS 8.8.1 updates.
Meanwhile, the iOS 16.5.1 update also comes with a fix for a bug introduced with the iOS 16.5 update that was rolled out last month. Updating to iOS 16.5.1 should restore the charging functionality of the Lightning to USB 3 camera adapter, that was accidentally removed with the previous update. Users can head over to the Settings app on their iPhone and tap on General > Software Update > Download and Install in order to download and install the latest software update.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.