iOS 15.6.1 is a big update, but don’t let the media scare you away

  • Apple released iOS 15.6.1 to address two specific security issues.
  • Mainstream media reports are freaking people out more than they need to.
  • The update is important, but you really shouldn’t worry about the issues it fixes.

d3sign/Getty Images

While the new iOS 15.6.1 update isn’t nearly as critical as reports claim, you’ll still want to install it.

Apple’s recent iOS 15.6.1 release includes two notable security updates for issues that could put your phone at risk. But its release has gone mainstream and some reports have caused unnecessary panic among people who usually don’t pay attention to such things.

“I was also surprised how the media picked up on this particular update when security updates like this happen every two months,” said malware researcher Marc-Étienne Léveillé. to digital security company ESET, to Lifewire via email. “It was also picked up by the local media here [in Canada].”

What’s at stake?

With the release of iOS 15.6.1, Apple is addressing two specific issues, according to the security release notes, one related to WebKit, the other to the kernel. Both are important for similar reasons.

Webkit is the web browser engine used by Safari and all other iPhone browsers, and it’s an important component of every iPhone used around the world. In the release notes, Apple said “Processing of maliciously crafted web content may lead to execution of arbitrary code,” meaning a malicious actor could use a website to run software on your iPhone. without your knowledge. This software could steal your personal data or worse.

Fortunately, for the vast majority of users, it is very unlikely that they will be affected by a software security flaw.

Similarly, the kernel exploit allows malicious actors to run software with elevated privileges. The kernel is the part of iOS that loads first when you turn on your iPhone, and it’s an essential part of the operating system. By allowing execution of arbitrary code with kernel privileges, this security flaw could give someone full access to all functions and data on your device.

Apple has confirmed that it “is aware of a report that this issue may have been actively exploited”. This part worries a lot of people, perhaps rightly so. But, as always, there are nuances in this situation.

vital context

Hacking iPhones is big business, and companies like NSO Group sell spyware like Pegasus for exactly that. Pegasus has been used to spy on government officials and journalists for the past few years and does so using security flaws like those patched in iOS version 15.6.1.

Security expert Léveillé agrees that the exploits patched by Apple are unlikely to see widespread use. He added: “The exploit code to use the vulnerabilities is not publicly known, so only a very limited number of people or organizations can use them. Given the rarity and price of these exploits, they are generally not used to massively compromise Apple devices. He goes on to say that you can update your iPhone at your own pace, “unless you think you’re a target of spyware like Pegasus.”

Léveillé is not the only expert to adopt this approach. In an email interview with Lifewire, Ben Wood, Principal Analyst at CCS Insight, said, “Fortunately, for the vast majority of users, they are highly unlikely to be affected by a software security breach. ” He added that “as with all software, the best thing is for consumers to keep their software up to date on all devices.”

Unfortunately, this is not the message people hear. The mainstream media picked up the story and really focused on warning that there is an “urgent” need for everyone to get up to speed. Therefore, people’s perception it’s that they’re walking around with a ticking time bomb, even though they’re not.

Apple takes security seriously, going so far as to sue the NSO Group, and offers features specifically designed to help people who believe they are a target for his software.

“If your device contains very sensitive information or you think you might be a potential target for spyware like Pegasus, I would consider updating to iOS 16 when it becomes available and enabling lockdown mode “, suggested Léveillé.

#iOS #15.6.1 #big #update #dont #media #scare

Leave a Comment