The first issue fixed in iOS 15.6.1 is a vulnerability in the iPhone Kernel tracked as CVE-2022-32894 that could allow an application to execute code with kernel privileges. “Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker says on its support page.
The other issue patched in iOS 15.6.1 is a flaw in WebKit, the browser engine that powers Safari, CVE-2022-32893, that could allow arbitrary code execution. Apple says it believes attackers have used it in real-life scenarios.
The iOS 15.6.1 upgrade “provides important security updates and is recommended for all users,” Apple says in its release.
Apple’s iOS 15.6.1 comes just weeks after iOS 15.6, and is the latest of multiple iOS fixes for already exploited issues this year.
Apple doesn’t give any more details about the iPhone vulnerabilities fixed in iOS 15.6.1, to avoid more attackers getting hold of the details. But it goes without saying that this update is a big one, and without information about who is a target, the most sensible thing to do is update now.
Techselect 