Apple released iOS 15.6.1 (and iPadOS 15.6.1) to all compatible devices on Wednesday evening to eradicate security flaws in the kernel and WebKit portions of the software, both of which the company says may have been “actively exploited.”
In a post on Apple’s security updates web page, Apple says the Kernel weakness meant an “application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”
This “out of bounds write issue” has now been rectified after it was brought to the attention of the company by an anonymous researcher.
It’s a similar story with the WebKit (the back-end browser engine used to power Safari, Mail, the App Store and much) vulnerability.
Apple says: “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” This issue was also spotted by a researcher and has been resolved in the same manner.
The bug fixes releases are very common, but the admission the issues may have been exploited in the wild are not. With that in mind we’d echo Apple’s recommendation that everybody install this with a quickness. All you need to do to install the update is head to Settings > General > Software Update on your iPhone or iPad. Select ‘Download and Install’ to complete the process. It’s only a 269MB file on our iPhone 12 Pro Max, so it shouldn’t take long.
It’s possible this could be the last iOS 15 update of any kind before iOS 16 arrives next month. Given there’s a pretty solid indication the iPhone 14 launch will take place on September 7, we can expect the software updates to arrive a few days later.