Apple has switched from its Lightning connector to USB-C — we explain which is better and why they did it
iPhone and iPad update fixes kernel and WebKit security flaws that ‘may have been actively exploited’
iPhone and iPad users may want to immediately install the iOS 15.6.1 and iPadOS 15.6.1 updates on their devices. Apple confirmed on Wednesday that these updates address security issues that were possibly “actively exploited.”
In a security support post published on Wednesday, Apple confirmed that the iOS 15.6.1 and iPadOS 15.6.1 address security flaws identified as CVE-2022-32894 and CVE-2022-32893 that could allow attackers to implement “arbitrary code execution.”
Like in previous security issues reports, Apple did not provide specifics on these security incidents. The company only said both flaws were discovered by an anonymous researcher. But in both cases, the tech giant confirmed, “Apple is aware of a report that this issue may have been actively exploited.”
The updates are advised to be installed on a host of iPhone and iPad models. The list includes iPhone 6S and later, all iPad Pro models, iPad Air 2 and later, iPad 5 and later, iPad mini 4 and later, and the seventh-gen iPod touch.
SocialProof Security CEO Rachel Tobac said (via The Guardian) said the nature of these security flaws could have allowed attackers to gain “full admin access” to a target device. And because they target WebKit and gain kernel privileges, attackers could execute codes with the same level of access as the device owner.
While everyone using the above-mentioned devices is advised to install the said updates, Tobac added that these updates are more significant for iPhone and iPad users “in the public eye” like activists and journalists.
Apple did not specify which group or individuals have exploited the flaws addressed in iOS 15.6.1 and iPadOS 15.6.1. But this would not be the first time that an iOS or iPadOS security issue has been used to execute a spyware tool. The iPhone maker sued Israel’s NSO Group last November, accusing it of targeting and surveilling Apple users with its proprietary Pegasus spyware.
The lawsuit was filed a few months after the media non-profit Forbidden Stories reported, based on a leak with 50,000 phone numbers allegedly targeted by NSO’s clients, that Pegasus was used against at least 180 journalists around the world. “Potential targets also include human rights defenders, academics, businesspeople, lawyers, doctors, union leaders, diplomats, politicians and several heads of states,” Forbidden Stories added.