Apple has released an emergency patch for two vulnerabilities in iOS that could be exploited to launch malware on iPhones and iPads.
The first vulnerability, CVE-2023-41064, affects Image I/O, a software framework that helps apps read and write various image formats. A buffer overflow issue in Image I/O could be exploited to create a maliciously crafted image that would trigger iOS to run rogue code. This could be used to download malware to the device.
The second vulnerability, CVE-2023-41061, affects the Apple Wallet app. It can be exploited to manipulate the Wallet app to run rogue code if iOS processes a malicious attachment.
Apple is aware that these vulnerabilities have been actively exploited. The company is urging users to update their devices to iOS 16.6.1 or iPadOS 16.6.1 as soon as possible.
To update your device, go to Settings > General > Software Update.
These vulnerabilities are a reminder that even the most secure devices are not immune to attack. It is important to keep your devices up to date with the latest security patches to protect yourself from malware and other threats.
