Apple has released iOS 16.6 for the iPhone and iPadOS 16.6 for, well, the iPad. The updates will patch several vulnerabilities including one that impacts the Apple Neural Engine. The latter delivers on-device natural language processing and image analysis faster and with more energy efficiency than the CPU or GPU. Apple says that an app might be able to execute arbitrary code with kernel privileges which means an attacker could run any command on a targeted iPhone or iPad.
This patch is heading to iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation). A vulnerability on the Find My app could allow sensitive location information to be divulged via an app. This patch will be available to the iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Several patches for the Kernel are part of the update. This is the core part of an operating system. With one flaw, Apple says it is aware of reports that the vulnerability has been actively exploited on versions of iOS released before iOS 15.7.1. With this vulnerability, “an app may be able to modify sensitive kernel state” allowing the attackers to manipulate how the operating system runs.
Other possible attacks against the iOS and iPadOS kernels listed by Apple include one that could allow the attackers to elevate privileges giving them the ability to do more than standard users. Another flaw could lead to a denial-of-service attack that could prevent users from accessing the features and apps they want to use. And another vulnerability can give an attacker root privileges. This could allow an attacker to create a backdoor, add a trojan, or delete any information on an iPhone or iPad.
There are two vulnerabilities listed for the WebKit browser engine including one that has been actively exploited according to reports that Apple has become aware of. With these security issues, it is a good idea to install the update now. Go to Settings > General > Software Update and follow the directions. Other updates available today include watchOS 9.6, macOS 13.5, and tvOS 16.6.
