Elsewhere, a series of WebKit fixes address a vulnerability where “processing web content may lead to arbitrary code execution.” One of the listings notes that Apple had received reports of this hole being “actively exploited,” which means it was likely used to execute a live malware attack.
Wait, Has My iPhone Been Hacked?
Probably not, but as the iOS 16.6 release notes reveal, a couple of the vulnerabilities have been linked to active exploits. This means some devices out there may have been targeted by an actual attack, with the fine print telling us devices running iOS 15.7.1 or older were particularly vulnerable.
What this potential hack looks like is less straightforward. Basically, security researchers recently highlighted iPhone malware that required zero user interaction to trigger, otherwise known as a “zero click” attack. This is what Apple means when it refers to “arbitrary code execution.”
Moreover, the long list of Kernel patches included in the iOS 16.6 security notes points back to the “Operation Triangulation” iMessage malware spotted by Kaspersky. It’s this flaw that partly led to the release of the Rapid Response Update, along with a similar “zero click” attack targeting web browsers that was reported. Fortunately, such complexities are now less important than the fact that iOS 16.6 has been released and offers protection against these and other vulnerabilities.