Apple has released an urgent software update for its devices, iOS 16.5.1, that you should download as soon as possible even if you have automatic updates turned on.
The update fixes two major security vulnerabilities. Both of these are being used in real-life iPhone cyberattacks. If these vulnerabilities are chained together, it could allow a remote attacker potentially full control over a compromised device.
What were the security fixes that Apple made?
Apple’s security fixes are related to the Kernel and WebKit components of the iOS operating system. The Kernel is the core of the system that manages the hardware and software interactions, while WebKit is the engine that powers the Safari browser on iOS devices. Both of these components had flaws that could allow an attacker to execute arbitrary code with kernel privileges or through malicious web content.
According to Kaspersky, the cybersecurity firm that reported these issues to Apple, the attackers used an invisible iMessage with a malicious attachment to deliver a spyware called TriangleDB in a zero-click attack. This spyware operates in memory and can steal various data from the infected device, such as audio recordings, photos, videos, location history, contact information, browsing history, passwords, and more.
How TriangleDB spyware can infect and monitor iOS devices without user interaction
This means a person using an iPhone, for example, doesn’t even have to click anything or interact with anything on their phone for the spyware to infiltrate their device. This is especially serious with the Kernel because it means that a hacker is getting to the core of the iOS operating system without anyone clicking anything and can likely get around many security tools on the device.
Once the spyware is on an iOS device, it can take audio recordings, photos, videos, location history, and more and share them with the hacker. It can also steal contact information, browsing history, passwords, and other sensitive data.
Who has been attacked, and should I be worried?
Kaspersky reported that they found several dozen iPhones that were infected with the new spyware, some of which belonged to senior employees at Kaspersky. The biggest targets as of now appear to be people like journalists, politicians, business executives, human rights activists, and other high-profile figures. Average civilians likely will not be attacked; however, you should still update your iOS devices with this new software as soon as you can.
How can I protect myself against this spyware?
First, the best thing you can do right now is to get this new iOS 16.5.1 update onto your iOS devices asap.
How to update your iOS devices
Go to Settings
Tap Software Update
You should see the update come up if you have not updated your device already. Click Install Now to begin the update
Have antivirus software installed
Second, not all of us will remember to regularly check our devices for new updates, which is why having antivirus software installed on all your devices is always a good idea. Antivirus software will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information. It will also be able to scan your device for malware and other viruses and warn you if it detects something suspicious.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by heading to CyberGuy.com/LockUpYourTech
Kurt’s key takeaways
You should always be checking your settings on your devices to see if software updates are available. Companies like Apple put these bug fixes in place to protect you and your privacy, so you should be taking advantage of what they’re providing. I’m not exactly sure why Apple did not release iOS 16.5.1 as a Rapid Security Response update, a new feature that allows it to push out important upgrades on the fly. Maybe they wanted the flaws to be publicly known to encourage more people to apply iOS 16.5.1. Whatever the reason, it is up to us to remain vigilant against these hackers who constantly seek to circumvent the rules, so make sure you’re paying attention, updating your devices, and keeping your information out of the hands of these crooks.
How frustrating is it to have to continue to update your iPhone to ensure the security of your iOS devices because of these types of vulnerabilities? Let us know by writing us at Cyberguy.com/Contact
For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Copyright 2023 CyberGuy.com. All rights reserved.