News

What Apple’s Latest Software Update Means for Your Security

Apple’s latest security update is one you won’t want to skip. Whether you have a personal Apple device or one for work, a new security flaw is currently threatening both your private and business data. The company released its newest iPhone update Thursday, Sept. 7 as iOS 16.6.1. This update doesn’t come with new features or user-facing changes; rather, it
September 12, 2023
 / 
meritsolutions
 / 
Leave a Comment
 / 
Image

Apple’s latest security update is one you won’t want to skip.

Whether you have a personal Apple device or one for work, a new security flaw is currently threatening both your private and business data.

The company released its newest iPhone update Thursday, Sept. 7 as iOS 16.6.1. This update doesn’t come with new features or user-facing changes; rather, it patches exactly two security flaws:

ImageIO

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School

Wallet

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A validation issue was addressed with improved logic.

CVE-2023-41061: Apple

While slightly different, both of these security flaws are ultimately the same: Whether your iPhone is infected via a maliciously crafted image, or a malicious attachment in Wallet, a bad actor can run whatever code they want on your device, effectively taking it over.

Worse, Apple confirmed a report that these flaws have been actively exploited. The flaws were originally discovered by The University of Toronto’s Citizen Lab, who were investigating a phone infected with Pegasus spyware. They found out these flaws were used to install the spyware on the phone in the first place. While Pegasus spyware is targeted towards high-profile individuals, all iPhone users should patch these issues as soon as possible. After all, bad actors could use these flaws to spy on your iPhone and steal sensitive data from your business.

Protect yourself: Update your iPhone ASAP.

Share This

Leave a Reply

More Articles

Featured image for “Hackers Break Into Dropbox Sign, Stealing Customer Information”
May. 07, 2024

Hackers Break Into Dropbox Sign, Stealing Customer Information

Featured image for “How “Voice Isolation” Can Make Your iPhone Calls Clearer”
May. 07, 2024

How “Voice Isolation” Can Make Your iPhone Calls Clearer

Featured image for “Microsoft May Be Trying to Earn Back Trust in Cybersecurity”
Apr. 30, 2024

Microsoft May Be Trying to Earn Back Trust in Cybersecurity

Featured image for “Email Isn’t Always Secure (but It Can Be)”
Apr. 30, 2024

Email Isn’t Always Secure (but It Can Be)

Featured image for “You Should Check Which Apps on Your Smartphone Are Using Your Location”
Apr. 23, 2024

You Should Check Which Apps on Your Smartphone Are Using Your Location

View All

Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.