Three Important Reasons You Should Install iOS 16.5 Right Now

Apple released iOS 16.5 today, and while it offers some interesting new features, those aren’t the only reasons to install Apple’s latest software update on your iPhone.

As seems to be the norm with every new iOS release these days, iOS 16.5 and its brethren — iPadOS 16.5, tvOS 16.5, watchOS 9.5, and macOS 13.4 — all include a laundry list of security fixes, and at least three of these are serious issues.

Apple has listed a total of 39 security vulnerabilities that are fixed in iOS 16.5 and iPadOS 16.5, three of which “may have been actively exploited.”

While those three aren’t the only serious vulnerabilities, they’re made more severe by the fact that security analysts believe that hackers and scammers have already been using them to attack iPhone users. This takes them beyond the realm of most security flaws, which researchers often discover before they can be used to cause harm.

All three of the “actively exploited” vulnerabilities are found in Apple’s WebKit frameworks, which means attackers could potentially break into your iPhone or access sensitive data from a maliciously-crafted web page or even a link sent to a messaging app that displays web previews.

Specifically, one of the vulnerabilities would allow a remote attacker to break out of the “Web Content sandbox” — the partitioned area of memory that restricts web apps from accessing other system resources. Another could “disclose sensitive information,” and the third could “lead to arbitrary code execution.”

However, this doesn’t mean that these are the only security vulnerabilities that are being exploited by cybercriminals. They’re just the only three that the good guys — Apple and the security researchers it works with — know about. It’s entirely possible some or all of the remaining 36 security flaws are also known to the “black hat” hackers who make a living from trying to find ways into people’s iPhones.

The other issues are no less serious just because there’s no evidence they’ve been exploited yet. They include things like a flaw in the Accessibility and Core Location features that could allow an app to bypass Privacy preferences, possibly doing things like reading sensitive location information or accessing contacts and photos without permission, and Kernel vulnerabilities that could allow apps to “execute arbitrary code with [full system-level] kernel privileges.”

More significantly, now that Apple has published a list of the issues that have been fixed, it’s also provided more clues for malicious hackers to find ways to exploit devices that are still running iOS 16.4.1.

A Full Round of Security Fixes

Many of these issues don’t just impact iOS/iPadOS 16.4.1. In fact, fixing these vulnerabilities is so crucial that Apple released security updates today for older devices that aren’t capable of running the latest versions of iOS and macOS.

This includes iOS/iPadOS 15.7.6, which fixes 17 vulnerabilities in the prior iOS 15 release, and macOS Big Sur 11.7.7 and macOS Monterey 12.6.6, which both fix over 25 security issues in those versions of macOS.

The Apple Watch and Apple TV aren’t immune to these problems either; watchOS 9.5 fixes 32 vulnerabilities, and tvOS 16.5 addresses a staggering 49 security problems. Both were also vulnerable to the three “actively exploited” issues.

In other words, even if the new multiview sports feature isn’t enough to entice you to install tvOS 16.5, the security patches and fixes should be. Ditto for the Pride wallpapers and Sports tab in iOS 16.5. While many folks are nervous about installing new software updates for fear of breaking things, in today’s world, the greater risk is from leaving yourself vulnerable by not installing the latest security updates.