Install these updates ASAP to protect your iPhone and Mac from hackers

Install iOS 16.6.1 on your iPhone to protect it from the Pegasus spyware.
Photo: Андрей Сидоренко/Pixabay/Cult of Mac

Apple released iOS 16.6.1, macOS 13.5.2, iPadOS 16.6.1 and watchOS 9.6.2 on Thursday to address a potentially serious security vulnerability. All the updates fix security flaws, including one that may already have been exploited by hackers to deliver the infamous Pegasus spyware.

So don’t delay — update your devices with these patches soon.

What’s new in iOS 16.6.1, macOS 13.5.2, and more

So many millions of people use iPhones, Macs and other Apple computers that hackers are always looking for ways through Cupertino’s defenses. Apple does its best to foil them — hence the security patches introduced Thursday.

Apple’s release notes for iOS 16.6.1 and iPadOS 16.6.1 show that one of the newly discovered security vulnerabilities is unusual because it involves “a maliciously crafted image” rather than a more-typical URL or file attachment. Displaying that image helps the hacker gain access to the device.

The NSO Group exploited the bug to deliver its Pegasus mercenary spyware, according to The Citizen Lab at The University of Torontoʼs Munk School. The lab discovered the vulnerability and reported it to Apple.

BLASTPASS is a severe security vulnerability

“We refer to the exploit chain as BLASTPASS,” The Citizen Lab wrote on its website. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.”

The other security bug closed by the fresh iOS patch is in the Wallet app. (And that’s never a good thing.)

macOS Ventura 13.5.2 also fixes the bug related to malicious images, according to the release notes. And watchOS 9.6.2 closes the same vulnerability in Wallet as the iPhone update.

All of these come with a warning from the iPhone-maker: “Apple is aware of a report that this issue may have been actively exploited.” That’s not true for every previous security hole — most of those were found by researchers so Apple could safely close them.

To be clear, the new system software for iPhone, Mac, iPad and Apple Watch contains only bug fixes and security updates. There are no new features. But a raft of new features will arrive in iOS 17, macOS Sonoma, etc., when Apple releases them to the public later this year.

How to install iOS 16.6.1, macOS 13.5.2, iPadOS 16.6.1 and watchOS 9.6.2

iPhone and iPad users can install the new iOS and iPadOS versions directly by opening the Settings app and going to General > Software Update. Alternatively, you can update your devices by connecting them to a Mac (or to a PC running iTunes).

To download the macOS Ventura update, go to Apple menu > About This Mac. Then click Software Update. Alternatively, you can install the new version from the App Store. (Note: At the time of this writing, Apple had not yet updated the version of macOS in the App Store. But it should happen soon.)

The watchOS update can be installed directly onto an Apple Watch, as long as the wearable is connected to Wi-Fi. From the Settings app just navigate to General > Software Update. Or you can install it from an iPhone by opening the Apple Watch app and going to My Watch > General > Software Update.
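For anyone responsible for more than one device, the check below flags which ones are still below the patched releases named in this article. It is an added example, not code from Apple or Cult of Mac; the inventory format, host names and status labels are assumptions, and the comparison is purely numeric, so devices on older major releases (which the article does not cover) simply show up as needing an update.

```python
import csv
import io

# Minimum patched versions named in the article.
PATCHED = {
    "iOS": (16, 6, 1),
    "iPadOS": (16, 6, 1),
    "macOS": (13, 5, 2),
    "watchOS": (9, 6, 2),
}

# Constructed sample inventory (host, platform, version); not real devices.
SAMPLE_INVENTORY = """\
host,platform,version
exec-iphone,iOS,16.6
field-ipad,iPadOS,16.6.1
dev-mac,macOS,13.5.1
new-iphone,iOS,17.0
ops-watch,watchOS,9.6.2
kiosk-ipad,iPadOS,unknown
lobby-tv,tvOS,16.6
"""

def parse_version(text):
    """Turn '16.6' into (16, 6, 0) so that 16.6 < 16.6.1 compares numerically."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError if not numeric
    if not 1 <= len(parts) <= 3:
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))

def audit(inventory_csv):
    """Map each host to 'ok', 'update', or 'review' (unreadable version or
    a platform the article lists no patched version for)."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        floor = PATCHED.get(row["platform"])
        try:
            current = parse_version(row.get("version") or "")
        except ValueError:
            floor = None  # cannot compare, so send to manual review
        if floor is None:
            results[row["host"]] = "review"
        else:
            results[row["host"]] = "ok" if current >= floor else "update"
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
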
