Apple’s iOS 15.6.1 software update fixes 2 security vulnerabilities
Apple released a new software update on Wednesday that should safeguard two security vulnerabilities that impacted every iPhone and iPad model capable of running iOS 15.
The first issue involved the potential for an application "to execute arbitrary code with kernel privileges," according to Apple’s security updates website.
A kernel is the central component of a computer’s operating system and it manages all of the operations and hardware. The kernel acts as a bridge between "applications and data processing performed at hardware level using inter-process communication and system calls," according to Geeksforgeeks.org.
Here are the specifics that Apple has provided on the security update:
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
- Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2022-32894: an anonymous researcher
The second security fix was in WebKit, the browser engine that powers Safari and all third-party browsers on iOS.
Here are the specifics for the fix:
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- WebKit Bugzilla: 243557CVE-2022-32893: an anonymous researcher
Apple said the newest update provides "important security updates and is recommended for all users."
Security experts have advised users to update affected devices — the iPhones6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. It also affects some iPod models.
Apple’s explanation of the vulnerability means a hacker could get "full admin access to the device" so that they can "execute any code as if they are you, the user," said Rachel Tobac, CEO of SocialProof Security.
Those who should be particularly attentive to updating their software are "people who are in the public eye" such as activists or journalists who might be the targets of sophisticated nation-state spying, Tobac said.
To remedy the two vulnerabilities, just go to the settings in your Apple device and scroll until you see the "general" tab. And once you’re there, you can head to "software updates" and the iOS 15.6.1 update option should be available.
The Associated Press contributed to this report. This story was reported from Los Angeles.