
PSA: Make Sure to Update, iOS 16.6.1 and macOS 13.5.2 Address Actively Exploited Vulnerability

by Kyle Meranda

Apple has released significant updates for its operating systems, including macOS 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, with the primary focus being to fix security vulnerabilities. According to Apple, these vulnerabilities were actively exploited in the wild, meaning that hackers were already taking advantage of them.

One of the vulnerabilities addressed by Apple involves processing a maliciously crafted image. This flaw could allow hackers to execute arbitrary code and gain access to the operating system using a simple picture. Apple fixed the flaw, a buffer overflow in ImageIO, by improving memory handling.

In addition to the image-related vulnerability, another flaw was found in the Wallet app in iOS, iPadOS, and watchOS. If a user received a maliciously crafted attachment via the Wallet app, it could also result in arbitrary code execution. Apple has addressed this issue by improving the validation logic within the app.

Due to the seriousness of these vulnerabilities and their potential impact, it is crucial for users to install the latest updates as soon as possible. Apple strongly recommends that all users update to iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2. These updates contain essential security fixes that will help protect users’ devices and sensitive information.

In a recent report from Citizen Lab, it was revealed that these vulnerabilities were part of a broader exploit chain called “BLASTPASS.” This exploit chain has been observed being used in the wild to deliver NSO Group’s Pegasus spyware. Pegasus is particularly concerning as it can infiltrate the devices of government officials, journalists, activists, and others who may possess sensitive information.

The exploit chain involving Pegasus takes advantage of a zero-click vulnerability. This allows attackers to send a maliciously crafted PassKit (Wallet) image to their target via iMessage, infecting their device without any interaction from the victim. These attacks can be prevented by applying the latest updates or by enabling Lockdown Mode on the device.

In conclusion, the recent updates released by Apple for macOS, iOS, iPadOS, and watchOS are crucial for addressing security vulnerabilities actively exploited in the wild. Users should update their devices immediately to ensure the safety and integrity of their personal information.
