After releasing iOS 16.6.1 for iPhone users this afternoon, Apple has also now published full details on the security fixes induced in the update. Apple says that iOS 16.1.1 patches two key security vulnerabilities, both of which “may have been actively exploited.”
The first fix in iOS 16.6.1 relates to Image I/O, which is Apple’s framework that allows apps to read and write most image file formats and access an image’s metadata. Apple shared the following details on this vulnerability and the fix:
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2023-41064: The Citizen Lab at The University of Torontoʼs Munk School
The second vulnerability patched in iOS 16.6.1 affected the Apple Wallet app:
- Impact: A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A validation issue was addressed with improved logic.
- CVE-2023-41061: Apple
The Image I/O bug was also patched with today’s release of macOS Ventura 13.5.2, but macOS was unaffected by the Wallet vulnerability. For Apple Watch users, watchOS 9.6.2 addresses the Apple Wallet bug, but the platform was unaffected by the Image I/O bug.
With these important security fixes, we recommend updating your iPhone, iPad, Mac, and Apple Watch devices to the latest versions of their operating systems as soon as possible.
Join 9to5Mac in supporting St. Jude this September for Childhood Cancer Awareness Month.
Follow Chance: Threads, Twitter, Instagram, and Mastodon.
FTC: We use income earning auto affiliate links. More.
Comments