Episode 10

bonus
Published on:

8th Sep 2023

Security Update: Urgent iOS Update Alert for iPhone Users

Attention iPhone users! Apple has just released an emergency update, iOS 16.6.1, which addresses two critical vulnerabilities that have been actively exploited in real-world scenarios. Here's what you need to know:

  1. The Flaws: The first vulnerability is associated with ImageIO, identified as CVE-2023-41064. This flaw could let attackers execute malicious code through a specially crafted image. The second vulnerability is linked to Apple's Wallet, labeled as CVE-2023-41061. This could allow attackers to execute code via a malicious attachment. Apple has confirmed that both these issues have been actively exploited.
  2. Real-Life Implications: These vulnerabilities aren't just theoretical. They've been used in real-life attacks to deploy spyware without any user interaction. Notably, the infamous Pegasus spyware, which grants attackers full access to iPhones, has been linked to these flaws. Citizen Lab, a security research group, discovered an exploit named "BLASTPASS" that compromised iPhones running iOS 16.6 without any user interaction.
  3. Why Update Now: Given the severity of these vulnerabilities, it's crucial to update to iOS 16.6.1 immediately. Even if you believe you're not a direct target, the more these flaws are known, the higher the risk of them being used maliciously. Independent security researcher, Sean Wright, emphasizes the importance of updating promptly. For those concerned about potential compromises, tools like iVerify can be used to check device security. Additionally, Apple's Lockdown Mode can be activated for those at higher risk, though it does limit device functionality.
  4. Broader Impacts: It's not just iPhones. The Wallet vulnerability is also present in Apple Watch, and the ImageIO issue has been addressed in a new Mac update. Ensure all your Apple devices are updated for maximum security.
  5. How to Update: Even if you've set your iPhone for automatic updates, it's recommended to manually check and update to ensure you have the latest protection. Navigate to iPhone Settings > General > Software Update and install iOS 16.6.1.

Listeners, in the ever-evolving world of technology, staying updated is not just about getting the latest features; it's about ensuring your personal security. Always prioritize updates, especially those addressing security concerns.

---

I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.

--

Sites Mentioned in this Episode

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

Support the Podcast with a Tip

If you're enjoying Byte-Sized Security and finding these practical tips useful, please consider supporting the podcast with a small contribution. It costs $17 per month just to cover podcast hosting fees, and your support helps offset the costs of producing this security resource and keeping episodes free. Even a tip of $1-5 per month from loyal listeners adds up and allows me to continue providing great cybersecurity info. Please considering a donation. I appreciate you helping sustain Byte-Sized Security! Now back to the security tips..
Support the Podcast
A
We haven’t had any Tips yet :( Maybe you could be the first!
Show artwork for Byte Sized Security

About the Podcast

Byte Sized Security
Snackable advice on cyber security best practices tailored for professionals on the go
In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go.

Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more.

Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out.

Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.
Support This Show

About your host

Profile picture for Marc David

Marc David

Marc David is a Certified Information Systems Security Professional (CISSP) and the host of the cybersecurity podcast, Byte-Sized Security. He has over 15 years of experience in the information security field, specializing in network security, cloud security, and security awareness training. Marc is an engaging speaker and teacher with a passion for demystifying complex security topics. He got his start in security as a software developer for encrypted messaging platforms. Over his career, Marc has held security leadership roles at tech companies like Radius Networks and Vanco Payment Solutions. He now runs his own cybersecurity consulting and training firm helping businesses and individuals implement practical security controls. When he’s not hosting his popular security podcast, you can find Marc speaking at industry conferences or volunteering to teach kids cyber safety. Marc lives with his family outside of Boston where he also enjoys running, reading, and hiking.