Apple’s new iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 updates fix two dangerous vulnerabilities that have been exploited in the wild.
The company launched the new software updates on September 7, 2023, with no new user-facing features. Release notes are somewhat cryptic, saying the latest updates provide “important security fixes” and are “recommended for all users.”
The company maintains a webpage detailing Apple security releases that provides additional information about the included patches. The new updates released to the public just a few days ahead of the September 12 “Wonderlust” iPhone 15 presentation where Apple is expected to announce the iOS 17 release date.
What security fixes are included in iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2?
The following support documents detail security fixes included in the updates:
- About the security content of iOS 16.6.1 and iPadOS 16.6.1
- About the security content of watchOS 9.6.2
- About the security content of macOS Ventura 13.5.2
iOS 16.6.1, iPadOS 16.6.1 and macOS Ventura 13.5.2 patch a vulnerability found in Apple’s Image I/O framework that apps use to read and write most image file formats. The bug allowed an attacker to pass a maliciously crafted image to Image I/O in the hope of executing rogue code. This is due to a buffer overflow issue that the company addressed with improved memory handling.
Apple confirms that it’s aware of a report that this issue may have been actively exploited in the wild by malicious users. Image I/O has been the source of other dangerous exploits in the past, including one that permitted an attacker to gain control over a user’s device by sending a maliciously crafted image over iMessage.
iOS 16.6.1, iPadOS 16.6.1 and watchOS 9.6.2 also patch a buffer overflow bug found in the stock Wallet app on the iPhone, iPad and Apple Watch. This vulnerability could be exploited to permit an attacker to execute arbitrary code through a maliciously crafted attachment. It, too, may have been actively exploited, Apple says.
How to install iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2
You can install iOS 16.6.1 and iPadOS 16.6.1 on your iPhone or iPad by going to Settings > General > Software Update and following the onscreen instructions.
To install watchOS 9.6.2 on your Apple Watch, go to Settings > General > Software Update on the watch itself. Alternatively, open the companion Watch app on your iPhone, hit the My Watch tab and choose General > Software Update.
To install macOS Ventura 13.5.2 on your Mac, click the Apple menu, choose System Settings, select General in the sidebar and then Software Update on the right.
You can check the build number of the installed operating system software on your iPhone or iPad by venturing into Settings > General > About > iOS Version. The build number is printed in the parentheses after the iOS version number.
To do the same on your Apple Watch, open the Watch app on your paired iPhone, hit the My Watch tab and go to General > About > Version.
On your Mac, navigate to System Settings > General > About and find the version and build number displayed in the macOS section.