Apple has issued iOS 16.5.1, an emergency iPhone update you should apply now. That’s because iOS 16.5.1 fixes two serious security flaws, both of which are being used in real-life iPhone attacks.
Apple doesn’t give much detail about what’s fixed in iOS 16.5.1, to give iPhone users time to update before more attackers can get hold of the details.
According to Apple’s support page, the iOS 16.5.1 upgrade fixes an issue in the Kernel tracked as CVE-2023-32434 that could allow an attacker to execute code with Kernel privileges. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” the iPhone maker said.
The second issue fixed in iOS 16.5.1 is a flaw in WebKit, the engine that underpins Apple’s Safari browser, which could enable an attacker to execute code via malicious web content. Apple said it is “aware of a report that this issue may have been actively exploited.”
While the details are scant, experts say the issues fixed in iOS 16.5.1 need your immediate attention because they could be chained together, allowing an adversary to use them remotely.
Independent security researcher Sean Wright describes the flaws patched in iOS 16.5.1 as “pretty severe,” adding that the vulnerabilities “could be chained together to allow a remote attacker potentially full control over a compromised device.”
Why Hasn’t Apple Fixed These Flaws As Part Of A Rapid Security Response Update?
Some experts have questioned why iOS 16.5.1 hasn’t been released as a Rapid Security Response update—a new feature that allows the iPhone maker to push out important upgrades on the fly.
Perhaps the issues fixed in iOS 16.5.1 are very new, in which case it would make sense to make them part of a high-profile point upgrade. Maybe the iPhone maker wants the flaws to be publicly known to encourage as many people as possible to apply iOS 16.5.1.
Apple hasn’t released figures detailing how many people have enabled Rapid Security Response or how many enabled the last (and first-ever) update. It might have decided the iOS 16.5.1 fix was too important to experiment with.
Why You Should Update To iOS 16.5.1 Now
Given how little we know about what’s fixed in iOS 16.5.1 and who attacks targeted, it makes sense to upgrade as soon as possible. Wright concedes that iPhone attacks are usually very targeted—often using vulnerabilities to plant spyware on a specific group of users—but attackers could still use the flaws more broadly. “I would highly recommend affected users update as soon as they can,” he says.
You will need to manually upgrade your iPhone to iOS 16.5.1—even if you have Automatic Updates enabled—because the roll out of updates can be slow.
Apple has also released iOS 15.7.7 for users of older iPhones, fixing three flaws. However, if you have a device capable of running iOS 16.5.1, you must update to the latest operating system to stay safe.
So you know what to do, go to your Settings > General > Software Update and upgrade to iOS 16.5.1 now to keep your iPhone safe.