Three Zero Day Vulnerabilities Have Put Billions of iOS Users at Risk – Apple Asks All to Update to iOS 16.5 Immediately

Usually iPads and iPhones get auto updates at night as you sleep. However, this time, a warning has been issued asking all to update their iOS devices immediately without waiting for an auto update. Apple has addressed 39 security issues in the latest version of iOS that is iOS 16.5. Among these 39 issues, there are 3 zero day vulnerabilities. A zero day vulnerability is a security issue that is disclosed but not patched. These vulnerabilities can be exploited by hackers putting billions of Apple users at risk.

All three of the zero day vulnerabilities are related to WebKit. Specifically speaking these vulnerabilities are

• CVE-2023-32409: It could allow an attacker to breach the Web Content security sandbox.
• CVE-2023-28204: It may disclose sensitive information while processing web content.
• CVE-2023-32373: It could facilitate arbitrary code execution through malicious web content.

A hacker can use this chain of vulnerabilities to devise very effective attacks. In fact, combining these and some other vulnerabilities, a malicious actor can take over your device quite easily. Therefore, it is imperative that you update your iOS devices to 16.5 immediately. The auto update rolls in region by region and some devices may not get it immediately. It would be wise to go the manual way and update your device. 

According to Sean Wright, the chief application security engineer at Featurespace, iOS 16.5 itself has vulnerabilities, “chaining some of these vulnerabilities together could potentially allow an attacker to be able to remotely gain full control of a device.” He agrees, right now, the priority should be to avoid the zero day vulnerabilities that are being actively exploited. Nevertheless, Wright thinks people should not be panicked about the vulnerabilities. It is likely that hackers will try to attack high-profile users associated with politics or media.

It is fairly simple to get a manual update for your iOS device. Just go to Settings → General → Software Update. The rest will take care of itself. You can refer to this article to learn about the features and functionalities. 

Notably, Apple is about to bring out the Beta version of iOS 16.6 which is likely to feature the much awaited Contact Key Verification Functionality. It is going to be a welcome change for people concerned about security and privacy.