Urgent iPhone zero-day flaws discovered — update your phone right now

News
By Alyse Stanley
published

Apple patches vulnerabilities uses to deploy spyware and steal personal data

iPhone 14 Pro Max

This week Apple released a series of patches for several zero-day vulnerabilities for iOS that have already been exploited by bad actors to install spyware and steal personal data. So you'll want to update your phone as soon as possible. 

iOS 16.5.1, which is now available to download if you have an iPhone 8 or newer, fixes a major security flaw that allowed hackers to access all of the personal data stored on your iPhone. This particular vulnerability was first detected in Russia, where thousands of Russian government officials have reportedly had their iPhones infected with spyware. It's a kernel issue that lets bad actors execute arbitrary code with kernel privileges, meaning hackers can run whatever code they want on a targeted device. 

The hackers have been sending iMessages with malicious attachments that infect and grant access to their target's iPhones, according to The Washington Post. Apple's latest iOS patch also fixes a vulnerability with WebKit, the framework that enables developers to display webpages on Apple devices. Again, it enabled hackers to steal users' personal data by executing arbitrary code on their target's device.

The attacks have been seen only on devices running versions of iOS 15.7 or earlier, Apple said on the update's support page. While that means the company isn’t aware of any hacks on devices running later versions of iOS, those systems could still be vulnerable. Which is why Apple's encouraging all users to download iOS 16.5.1, too, even if their iPhone is already protected against the vulnerabilities in question.

Even U.S. authorities are taking this security threat seriously. The Cybersecurity and Infrastructure Security Agency added the two exploits to its Known Exploited Vulnerabilities catalog and urged federal agencies to download the latest update by July 13. 

Even if you're an unlikely target for spyware, now's as good a time as any to update your device if you have one of the best iPhones. To download iOS 16.5.1 on your device right now, simply head to Settings, select General, and then go to Software Update. 

More from Tom's Guide

Alyse Stanley
Alyse Stanley
News Editor

Alyse Stanley is a news editor at Tom’s Guide overseeing weekend coverage and writing about the latest in tech, gaming and entertainment. Prior to joining Tom’s Guide, Alyse worked as an editor for the Washington Post’s sunsetted video game section, Launcher. She previously led Gizmodo’s weekend news desk, where she covered breaking tech news — everything from the latest spec rumors and gadget launches to social media policy and cybersecurity threats.  She has also written game reviews and features as a freelance reporter for outlets like Polygon, Unwinnable, and Rock, Paper, Shotgun. She’s a big fan of horror movies, cartoons, and miniature painting.