What Apple’s Latest Software Update Means for Your Security

September 12, 2023 / meritsolutions

Apple’s latest security update is one you won’t want to skip.

Whether you have a personal Apple device or one for work, a new security flaw is currently threatening both your private and business data.

The company released its newest iPhone update Thursday, Sept. 7 as iOS 16.6.1. This update doesn’t come with new features or user-facing changes; rather, it patches exactly two security flaws:

ImageIO

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School

Wallet

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A validation issue was addressed with improved logic.

CVE-2023-41061: Apple

While the two flaws differ in detail, their outcome is the same: whether your iPhone is compromised via a maliciously crafted image or a malicious attachment in Wallet, a bad actor can run whatever code they want on your device, effectively taking it over.

Worse, Apple confirmed a report that these flaws have been actively exploited. The flaws were originally discovered by The University of Toronto’s Citizen Lab, which was investigating a phone infected with Pegasus spyware and found that the flaws had been used to install the spyware on the phone in the first place. While Pegasus spyware is aimed at high-profile individuals, all iPhone users should patch these issues as soon as possible. After all, bad actors could use these flaws to spy on your iPhone and steal sensitive data from your business.

Protect yourself: Update your iPhone ASAP.
