Apple has released iOS 16.2, the latest software update for the iPhone and iPad, which fixes numerous security vulnerabilities, including some that could allow cyber attackers to execute commands and take control of the devices.
iOS 16.2 and iPadOS 16.2 contain several new features for iPhone and iPad users, but alongside them are security updates that users are required to install to help protect their devices.
Among the vulnerabilities is CVE-2022-46689, a security flaw in the kernel, the core of the operating system, that could enable arbitrary code execution. Another flaw in the kernel, CVE-2022-42842, could allow a remote user to execute code.
The update also fixes several security vulnerabilities in WebKit, which powers web browsers on iOS and iPadOS. These include four different security issues (CVE-2022-42867, CVE-2022-46691, CVE-2022-46696, and CVE-2022-46700), all flaws in WebKit that could allow attackers to direct users to maliciously crafted web content, which can lead to arbitrary code execution.
Among the other flaws addressed by the latest security update are CVE-2022-42846, a vulnerability in the graphics driver in which a maliciously crafted video file could result in an unexpected system crash, along with CVE-2022-42837, a bug in the iTunes Store, which could allow a remote user to cause unexpected application termination or arbitrary code execution.
Full details of the vulnerabilities addressed in the 16.2 update are not yet available. “To protect our customers, Apple does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” Apple said in a document disclosing the vulnerabilities.
The latest list of security updates also reveals information about iOS 16.1.1, an iPhone-exclusive security update that was released last month. At the time, Apple didn’t reveal any information about why the update was being released, only stating that it was important and that users should update as soon as possible.
It has now been revealed that the update addressed a security vulnerability that was being actively used by cyber attackers to target iPhones. CVE-2022-42856 affects iPhone 8 and later and is a bug that, by tricking the user into allowing it, enables the processing of maliciously crafted web content that could lead to arbitrary code execution.
The vulnerability was discovered by Google Project Zero, Google’s cybersecurity vulnerability research team, although full details about the flaw, who was using it and who was targeted, have not yet been revealed.
To protect against all vulnerabilities, it is recommended that users apply updates when they can.
“CISA encourages users and administrators to review Apple’s security updates page for the following products and apply the necessary updates as soon as possible,” states CISA’s security update alert.
If automatic updates are not already enabled, you can apply the latest updates by going to Settings > General > Software Update.