Apple has released important security updates for older iPhones and iPads to fix a critical vulnerability that has been actively exploited by attackers. The company says it is aware of reports that the flaw was used in a highly sophisticated attack against a small number of specific individuals.
The vulnerability, an out-of-bounds write issue in the ImageIO component, could result in memory corruption when a user processes a malicious image file. WhatsApp has since confirmed that a vulnerability in its apps for iOS and macOS was used together with this flaw as part of targeted spyware attacks aimed at fewer than 200 people.
The fix for this flaw was originally released late last month for newer devices. Now, Apple has backported the update to the following older versions and devices:
- iOS 16.7.12 and iPadOS 16.7.12 for the iPhone 8, iPhone 8 Plus, iPhone X, and several older iPad Pro and iPad models.
- iOS 15.8.5 and iPadOS 15.8.5 for the iPhone 6s, iPhone 7, first-generation iPhone SE, and other older models.
In addition to this critical fix, the new updates address a number of other security flaws that could have serious consequences. These include vulnerabilities that could:
- Allow an app to access sensitive user data.
- Let an app monitor a user's keystrokes without permission.
- Allow an app to gain root privileges, giving it full control of the device.
- Cause an app to unexpectedly crash when processing maliciously crafted files.
- Allow a shortcut to bypass sandbox restrictions.
- Enable an app to break out of its sandbox.
While there is no evidence that any of these other flaws have been used in real-world attacks, it is good practice to keep your devices up to date so that you have the best possible protection.
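For anyone managing a fleet of older devices, the following added example (not Apple's code or tooling) checks an inventory against the two backported releases named above. The CSV layout, device names and sample rows are constructed assumptions, and branches the article gives no version for are reported as out of scope rather than guessed.

```python
import csv
import io

# Patched releases named in the article, keyed by major OS branch.
PATCHED = {15: (15, 8, 5), 16: (16, 7, 12)}

# Constructed sample inventory (hypothetical MDM export; column names are assumptions).
SAMPLE_INVENTORY = """device,model,os_version
ipad-lobby,iPad Pro 9.7,16.7.11
phone-ops-1,iPhone 8,16.7.12
phone-lab-3,iPhone 6s,15.8.4
phone-lab-4,iPhone 7,15.8.5
phone-exec,iPhone 15,17.6
kiosk-2,iPhone X,16.7
bad-row,iPhone SE,unknown
"""

def parse_version(text):
    """Return a 3-tuple of ints (missing parts padded with 0), or None if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(os_version):
    """Compare a reported version with the patched release for its branch."""
    v = parse_version(os_version)
    if v is None:
        return "unparseable"
    fixed = PATCHED.get(v[0])
    if fixed is None:
        # The article lists no fixed version for this branch; check Apple's advisory.
        return "out-of-scope"
    return "patched" if v >= fixed else "needs-update"

def audit(csv_text):
    """Map each device name in the inventory to its patch status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["os_version"]) for r in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:12} {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 16.7.9 above 16.7.12.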