A few days after the Wonderlust event and the following release of the final version of iOS 17, Apple made a minor update available which turned out to be much more important than expected. iOS 16.6.1in fact, does not introduce any new features but resolves some vulnerabilities, and among these there is an exploit exploited by spyware Pegasus.
iOS 16.6.1 wipes out a dangerous zero-day exploit
On the discovery of the zero-day exploit there is the signature of Citizen Lab, who shared interesting details in posts on his blog. The vulnerability allows web attackers to attack victims’ devices with the NSO Group’s Pegasus spyware. «The exploit chain was able to compromise iPhones running the latest version of iOS (16.6) without any interaction from the victims“, it is read.
Once the vulnerability was discovered, Citizen Lab promptly notified Apple who then released the security patch to fix the problem. «This latest discovery», continues Citizen Lab, «demonstrates once again that civil society is being targeted by highly sophisticated exploits and mercenary spyware».
In 2021, Apple sued NSO Group for creating and disseminating the Pegasus spyware. For those who don’t know, it is spyware developed for governments and law enforcement agencies, not for “ordinary” users. However, many countries that have purchased it are apparently using it to spy on journalists and political opponents, putting them in danger.
How to update to iOS 16.6.1
As mentioned, iOS/iPadOS 16.6.1 is available for iPhone/iPad users. To download the update simply go to Settings > General > Software Update.
Given the danger of the exploit, it is advisable to install the update as soon as possible.