While the launch of iOS 17 has been announced, a large number of Apple users are still on iOS 16, mainly because their devices cannot support the new upgrade. Following the release of iOS 17.0.3 last week, which fixed several high-risk security vulnerabilities, Apple has now rolled out similar fixes for iOS/iPadOS 16 through its latest version, iOS/iPadOS 16.7.1 (20H30). This update doesn't bring any new features, rather it is centered around fixing these security issues.
Apple has stressed the importance of these security fixes in its update notes, encouraging all users to install the updates as soon as possible. Among the vulnerabilities addressed is CVE-2023-42824, a flaw that has already been exploited and could let attackers increase their privileges. Another vulnerability, CVE-2023-5217, is located in the libvpx open-source library, which plays a crucial role in decoding VP8 videos. This vulnerability has also been exploited in cyberattacks.
Apple stated, “A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.” While this update likely includes other vulnerability fixes, Apple has not yet published an official security bulletin, thus the specifics of these potential flaws remain undisclosed. It is highly recommended for users still on iOS 16.x to switch to this newer version.