A few days before the presentation of the new iPhone 15 and iOS 17, Apple urgently published a security update for iOS, iPadOS, macOS and watchOS in order to correct two zero-day vulnerabilities which were exploited to spread the Pegasus spyware from NSO Group.
One of the flaws concerns Image I/O, the iOS framework that allows apps to read and write image formats on iPhone. Apple explains that a maliciously crafted image can trigger the execution of arbitrary code.
Apple with a whisk
The second flaw concerns the Wallet application. A malicious attachment can also cause arbitrary code execution. “Apple is aware of a report that this issue may have been actively exploited. », Specifies the company about these two vulnerabilities.
Updates are available for the following devices and operating systems:
- iOS 16.6.1 and iPadOS 16.6.1: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later;
- macOS Ventura 13.5.2: macOS devices running macOS Ventura;
- watchOS 9.6.2: Apple Watch Series 4 and later.
Apple will unveil its new iPhone, Apple Watch and software products during its “Wonderlust” event on September 12.