Apple released the iOS 16.6 update that fixes a total of 16 security flaws, with special attention to two that are being actively exploited. This latest release focuses on enhancing the security and stability of iOS devices. While it may not offer any new features to users, the importance of these security updates cannot be overstated.
To update to the new version, go to session > General Settings > Program updates.
iOS 16.6 security update details
iOS 16.6 fixes security vulnerabilities in various system components, including the kernel, WebKit, Apple Neural Engine, Find My, libxpc, NSURLSession, WebRTC, WebKit Process Model, and WebKit Web Inspector.
Vulnerabilities are actively exploited
Two critical security flaws were identified that were actively exploited prior to the release of iOS 16.6. The first is related to the WebKit component, which handles web content processing and can trigger arbitrary code execution. The second relates to the kernel, where an application can modify sensitive kernel state or execute arbitrary code with kernel privileges. Apple acknowledged these issues and quickly provided fixes to protect users from potential threats.
Kernel vulnerability
The iOS 16.6 update addresses several kernel vulnerabilities, some of which were previously reported and fixed in previous iOS versions. However, the latest update ensures that these issues are completely resolved, further enhancing the security of the operating system.
Apple’s Neural Engine and Find My
For devices with the Apple Neural Engine, the update addresses an issue that could allow malicious apps to execute arbitrary code with kernel privileges. Additionally, a logic issue with Find My that might have allowed apps to access sensitive location information has been resolved.
WebKit and web content processing
Several fixes have been made to the WebKit component responsible for handling web content. The update addresses issues such as ignoring the same-origin policy, handling web content that leads to arbitrary code execution, and disclosure of sensitive information through the Web Inspector.
Libxpc, NSURLSession, and WebRTC
iOS 16.6 includes patches for vulnerabilities in libxpc, NSURLSession, and WebRTC. These fixes improve route handling, prevent denial-of-service attacks, and ensure better file-handling protocols to improve overall system security.