As usual, the update includes no new features, only some “important security fixes” that are “recommended for all users.” According to the notes, the update also addresses the Image I/O issue that Apple recently resolved for iOS 16.6 with the new iOS 16.6.1 update. According to Apple, the issue “may have been actively exploited” and might lead to arbitrary code execution.
The security flaw, tracked as CVE-2023-41064, is linked to the exploit chain reported by Citizen Lab. According to the group, the actively exploited vulnerability was used to deliver NSO Group’s Pegasus mercenary spyware to iPhone devices. The group named the exploit chain BLASTPASS and detailed its severity in a blog post recently shared with the public.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” the group wrote in the blog. “The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.”
This makes the update urgent for users who are still using iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation). The update can be found in the Settings app > General > Software Update.