Apple releases iOS 16.7.1 to plug critical security holes

Macworld

On Tuesday, Apple released the iOS 16.7.1 update for the iPhone 8, iPhone X, and other phones that haven’t yet updated to iOS 17. Like iOS 17.0.3, which was released last week, It contains “important security fixes and is recommended for all users.” iPad users running iOS 16 also get an update.

The update includes two critical security updates, including one that “may have been actively exploited.” The same two updates were included in iOS 17.0.3:

Kernel

Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.

Description: The issue was addressed with improved checks.

CVE-2023-42824

WebRTC

Impact: A buffer overflow may result in arbitrary code execution

Description: The issue was addressed by updating to libvpx 1.13.1.

WebKit Bugzilla: 262365
CVE-2023-5217

Apple has stopped development of iOS 16 following the release of iOS 17 in September, but it will issue security updates for at least the next 12 months. To update your iPhone, head over to the Settings app tap General, then Software Update, and wait for iOS 16.7.1 to appear. Then tap Download & Install and follow the prompts.

iOS