Apple has just pushed out an important software update for iPhone and iPad users, with its new iOS 16.6 and iPadOS 16.6 releases immediately falling into the must-download category due to the security fixes that are included.
In what likely represents the last major iOS 16 upgrade before iOS 17 is released into the wild this September, iOS 16.6 definitively addresses the vulnerabilities that caused Apple to release just its second-ever Rapid Security Response update a couple of weeks ago.
Specifically, iOS 16.6 patches holes in Find My, Apple Neural Engine, and WebKit including two flaws that are reported as having being actively exploited – or used in a real-life attack.
What's New in iOS 16.6 and iPadOS 16.6? Security, Not Features
To cut to the chase, iOS 16.6 doesn't include any new user-facing features but rather is an extension of Apple's recent Rapid Security Response patch. Â In other words, iOS 16.6 is a security focused update that's noteworthy for what it fixes, rather than what it introduces.
Apple now offers a detailed look at the iOS 16.6 and iPadOS 16.6 security content on its Support pages. In Apple's Find My app, commonly used by iPhone and iPad users to locate lost devices, the update should stop sensitive location information being read without permission. With relation to the Apple Neural Engine, the new iOS update closes a gap allowing for the potential execution of “arbitrary code with kernel privileges.”
Elsewhere, a series of WebKit fixes address a vulnerability where “processing web content may lead to arbitrary code execution.” One of the listings notes that Apple had received reports of this hole being “actively exploited,” which means it was likely used to execute a live malware attack.
Wait, Has My iPhone Been Hacked?
Probably not, but as the iOS 16.6 release notes reveal, a couple of the vulnerabilities have been linked to active exploits. This means some devices out there may have been targeted by an actual attack, with the fine print telling us devices running iOS 15.7.1 or older were particularly vulnerable.
What this potential hack looks like is less straightforward. Basically, security researchers recently highlighted iPhone malware that required zero user interaction to trigger, otherwise known as a “zero click” attack. This is what Apple means when it refers to “arbitrary code execution.”
Moreover, the long list of Kernel patches included in the iOS 16.6 security notes points back to the “Operation Triangulation” iMessage malware spotted by Kaspersky. It's this flaw that partly led to the release of the Rapid Response Update, along with a similar “zero click” attack targeting web browsers that was reported. Fortunately, such complexities are now less important than the fact that iOS 16.6 has been released and offers protection against these and other vulnerabilities.
How To Upgrade to iOS 16.6 and iPadOS 16.6 Today
Security researchers and, indeed, Apple itself always encourage iPhone and iPad users to download the latest available version of software for their devices. In this case (and others), we wholeheartedly agree.
This is an important iOS security fix, especially for folks who haven't updated in a while, given the fact that older versions of iOS were specifically targeted in the active exploits.
Fortunately, updating to iOS 16.6 (or iPadOS 16.6) is very straightforward. Here's what to do
- Open “Settings” on your device
- Click “General” then “Software Update”
- Select “Download and Install”
It's worth doing this on Wi-Fi, to speed things up, though this is a relatively modest sized update and clocked in at just under 630MB on my iPhone 12 Pro. Mac users will also want to note that similar flaws were also discovered in MacOS Ventura and an update (version 13.5) has also been released to address these, alongside smaller updates for Apple's watchOS and tvOS software.
Read more: iPad Air vs iPad Pro