Apple released the iOS 16.6.1 update this afternoon, along with details about the security fixes included in the update.
Apple says so iOS 16.1.1 fixes two important security vulnerabilitieswhere both “It may have been actively exploited.”
The first fix in iOS 16.6.1 affects Image I/O, Apple’s system that allows apps to read and write most image file formats and access an image’s metadata.
Apple shared the following details about this vulnerability and the fix:
- Impact: Processing a maliciously crafted image may result in arbitrary code execution. Apple is aware of a report indicating that this issue may have been actively exploited.
- Description: A buffer overflow issue has been addressed through improved memory management.
- CVE-2023-41064: The Citizen Lab at the Munk School at the University of Toronto
The second vulnerability patched in iOS 16.6.1 affected the Apple Wallet application:
- Impact: A malicious attachment may result in arbitrary code execution. Apple is aware that this issue may have been actively exploited.
- Description: A validation issue has been resolved with improved logic.
- CVE-2023-41061: Apple
The image I/O flaw was also fixed with today’s release of macOS Ventura 13.5.2, but macOS was not affected by the wallet vulnerability. For Apple Watch users, watchOS 9.6.2 fixes the Apple Wallet bug, but the platform is not affected by the image I/O bug.
With these important security fixes We recommend updating your iPhone, iPad, Mac, and Apple Watch devices to the latest versions of their operating systems as soon as possible.