Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple fixes two exploited vulnerabilities in iOS 16.6 security update

Apple's security updates in iOS 16.6 and iPadOS 16.6 fix vulnerabilities and issues affecting the Neural Engine, WebKit, and Find My, along with two that are reportedly actively exploited.

Just after releasing iOS 16.6 and iPadOS 16.6 to the public, Apple has revealed the security-related content within the update. Posted to the online support pages, Apple has, as usual, listed all of the included issues, including how they could impact users and systems, and crediting researchers involved in their discovery.

The list for iOS 16.6 and iPadOS 16.6 is headed up by an unusual listing, for Apple Neural Engine. The issue that had the potential to execute "arbitrary code with kernel privileges has been addressed with "improved memory handling."

For Find My, it was found that an app had the potential to read sensitive location information. Improved restrictions were applied to a "logic issue" to fix it.

Of the 16 fixes included in the release, six were related to WebKit, including one where a website could bypass "Same Origin Policy," as well as more typical problems involving arbitrary code execution. Issues were also found under the WebKit Process Model and WebKit Web Inspector.

Five are listed as Kernel updates, with a mix of privilege escalations and code execution issues.

In the list, Apple does denote that two fixes relate to flaws that may have been used in exploits against iOS.

One, for the Kernel, says an app could modify a sensitive kernel state, and that it "may have been actively exploited against versions of iOS released before iOS 15.7.1." The malware was publicly reported on June 1, and was identified by Kaspersky.

The second, under WebKit, is also labeled as having been actively exploited in the past. In this case, the flaw refers to how the processing of web content could lead to code execution.

As well as iOS 16.6 and iPadOS 16.6, Apple also distributed lists of security fixes for its other releases, including macOS Ventura, tvOS 16.6, watchOS 9.6, and releases for earlier operating systems.

AppleInsider recommends that users install updates from software providers, such as Apple, as soon as is practicable to maintain the security of their systems and data. Regular backups of data is also strongly recommended.



2 Comments

michelb76 8 Years · 703 comments

Update looked stalled for a good 20 mins, then the phone booted up.

BiCC 1 Year · 59 comments

I would recommend to wait or NOT to update - When Apple comes up with a new Operating System, wait a month.  As big as Apple is, developers don't exactly conform to Apple's schedule.  What are the new features anyway - nothing really changes.  The Firmware updates make a world of a difference and that's Robot language.  Only Java can exploit WebKit.  command + U (all three pushed at the same time) will show you the HTML.  If that command is blocked, that is strainge.