Apple has released iOS 15.6.1, along with a warning to update now, because it fixes two security holes already being used to attack iPhones.
The first issue fixed in iOS 15.6.1 is a vulnerability in the iPhone Kernel tracked as CVE-2022-32894 that could allow an application to execute code with kernel privileges. “Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker says on its support page.
The other issue patched in iOS 15.6.1 is a flaw in WebKit, the browser engine that powers Safari, CVE-2022-32893, that could allow arbitrary code execution. Apple says it believes attackers have used it in real-life scenarios.
The iOS 15.6.1 upgrade “provides important security updates and is recommended for all users,” Apple says in its release.
Update to iOS 15.6.1 as soon as you can
Apple doesn’t give any more details about the iPhone vulnerabilities fixed in iOS 15.6.1, to avoid more attackers getting hold of the details. But it goes without saying that this update is a big one, and without information about who is a target, the most sensible thing to do is update now.
“Apple iOS 15.6.1 is an important update,” says independent security researcher Sean Wright. He says it’s possible the two vulnerabilities “could be chained together to allow attackers to remotely gain full access to victims’ devices.”
Taking this into account, he recommends you update your iPhone to iOS 15.6.1 as soon as possible.
I agree. Some people don’t like to update to iPhone versions straight away to wait for any bugs to be ironed out. However, I recommend you make an exception and update to iOS 15.6.1—issues in the Kernel are about as bad as you can get, so it’s not worth taking the risk.
So what are you waiting for? Go to your iPhone Settings > General > Software Update and download and install iOS 15.6.1 now.