Apple just plugged two security holes used to hack Russian iPhones

iOS 17 text in front of an iPhone 14 and 14 Pro side-by-side
(Image credit: Future)

Apple released iOS 16.5.1 and iPadOS 16.5.1 to the public yesterday and while it did include bug fixes, it seems that there were some much more important improvements going on under the hood elsewhere, too.

Both iOS 16.5.1 and iPadOS 16.5.1 have their own security fixes that make them well worth downloading as soon as possible, but those with older devices should also update to the latest software as well — iOS 15.7.7 and iPadOS 15.7.7.

According to a Washington Post report, Apple's latest iPhone and iPad software updates fix two security flaws that had been used to hack devices in Russia. It took Russian antivirus outfit Kaspersky Lab to spot the issue and make an announcement three weeks ago, with the company saying that its own employees were impacted. 

Security matters

"At the same time as Kaspersky’s initial announcement, Russia’s Federal Security Service, known as the FSB, accused the National Security Agency of being responsible. It did not provide evidence or explain how it reached that conclusion," the Washington Post reports.

As for how the attack worked, it seems that it was as simple as sending a malicious attachment via iMessage. The recipient never actually needed to read the message for the payload to take over, it seems. "Without ever seeing that message, the phone’s user would be infected and the attacker could run code of their choosing," the report adds before noting that restarting the iPhone undid the hack, as did enabling Apple's Lockdown Mode.

Kaspersky says that the attack was capable of issuing 24 commands including extracting passwords from iCloud Keychain as well as monitoring location data.

Security release notes for iOS 16.5.1 and iPadOS 16.5.1 both reference fixes for the same Kaspersky-spotted security flaws as the notes for iOS 15.7.7 and iPadOS 15.7.7.

As always, we'd suggest updating to the latest versions of iOS and iPadOS whenever possible.

Apple is of course hard at work on its next big software releases in the shape of iOS 17 and iPadOS 17, both of which are in developer beta and are expected to ship this fall.

Oliver Haslam

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.