Apple released iOS 16.5 last week with security fixes that resolve vulnerabilities in the operating system we use daily on our iPhones. But it looks like one of those security fixes is a follow-up to a vulnerability that was previously addressed back in 2022.
According to a report by Jamf, the ColdInvite vulnerability (CVE-2023-27930) “can be exploited to leverage the co-processor in order to obtain read/write privileges to the kernel.”
That means that someone malicious enough could've gained control of your iOS device using ColdInvite. Luckily, iOS 16.5 resolves the issues and protects your iPhone.
Where things get interesting, however, is when you look at older vulnerability fixes dating back to last year in iOS 15.6.1. ColdInvite was discovered because of a vulnerability Apple fixed last year called ColdIntro (CVE-2022-32894). ColdIntro was patched as part of the iOS 15.6.1 update, and analysis from Jamf states that the 15.6.1 update “mitigates a specific way for an attacker to escape a co-processor but does not fix the root cause of the underlying vulnerability.”
In layman's terms, iOS 15.6.1 fixed the ColdIntro security risk but not why the risk existed to begin with. That means that Apple has taken nearly a year to find the root cause of the issue and, finally, has helped the iPhone get rid of its cold.
Apple saves the day
Security vulnerabilities are nothing new, but they can be worrying when you look into the nitty-gritty details. Luckily, Apple puts security and privacy at the forefront of its ethos, leading to long-term development, like the one here, to solve potential security risks.
With WWDC on June 5 just around the corner, we'll be watching with eager eyes to see what security enhancements iOS 17 brings to the table. It looks like we could see iMessage Contact Key Verification, either in iOS 16.6 or when WWDC comes around.
John-Anthony Disotto is the How To Editor of iMore, ensuring you can get the most from your Apple products and helping fix things when your technology isn’t behaving itself.