Apple rolled out the long-awaited iOS 16.1 and iPadOS 16.1 updates for eligible iPhones and iPads. iPadOS 16.1 was the first chance users in the stable channel had to access the “16th”. After all, Apple skipped the iPadOS 16 release. The latest updates claim to fix a lot of bugs and issues. However, it seems that these new releases are not free from bugs. Moreover, they do bring serious issues.
A report from Economic Times (via ) cites an advisory by the Indian Computer Emergency Response Team (Cert-IN). They reveal a shocking truth: The latest iOS and iPadOS updates bring various breaches to iPhones and iPads. These breaches will allow hackers to remotely access a user’s private data. Moreover, they can run arbitrary code and spoof the interface address. The hackers can even run denial of service programs on the victim’s device in a remote form.
Gizchina News of the week
iPhones and iPads running iOS 16.1 / iPadOS 16.1 have a huge security breach
The Cert-IN, in its advice, states that several Apple iPhones and iPads running iOS 16.1 and versions prior to iOS 16.0.3 are vulnerable to cyber-attacks. The issue also pertains to devices running iPadOS with versions prior to the latest 16.1 release. When it comes to iOS, the security breach is present in versions previous to 16.0.3. When it comes to actual devices, the iPhone 8 and after being affected by this. On the iPad side, it includes Pro Call models, Air 3rd generation, and later, and the standard from 5th gen and later. It also affects the mini 5th gen and later. All these devices are on this list.
As per the advisor, the severity of the breach is high. It is there due to some security controls in the AppleMobileFileIntegrity component and more. One attacker can exploit these breaches and persuade the victim to open a special file or app on iPhones or iPads. These files may look fine on the surface, however, the underlying code includes a firmware that activates the code. If the attacker manages to access the victim’s device, it’s possible to “exploit these vulnerabilities that allow the attacker to access sensitive data”. Among other things.
Worth noting that there are also security issues in Safari versions prior to 16.1. In case you don’t know, it’s the native browser of Apple iPhones, iPads, and other devices. These vulnerabilities allow an attacker to spoof URLs. Through this, they can