Apple released Monday a security-heavy update to its mobile operating system iOS, which should help fix over a dozen existing software vulnerabilities currently affecting iPhones, iPads and iPods.
The newly introduced iOS 10.2.1 will help protect users from a wide range of potentially serious cyberattacks, including the downloading of specific, malicious phone applications that can help adversaries take complete control of the device.
The software update targets issues discovered by researchers in WebKit, the browser engine behind Safari, Apple’s App Store, and several native iOS apps. Some of these vulnerabilities would allow for arbitrary code execution, letting an attacker remotely run code of their choosing on the device and launch specific programs or features. With such a capability, data siphoning and other digital espionage activities could be accomplished.
Although the vulnerabilities are significant, it took some of the world’s best security researchers to discover them.
“These were some top notch hackers who found them, so the bar was quite high,” iOS forensics expert Jonathan Zdziarski told Wired.
Google’s elite security unit known as Project Zero reported nine of the catalogued iOS vulnerabilities.
This is not the first time Apple has pushed out a comprehensive security update following the disclosure of a potentially damaging software vulnerability.
When a unique malware variant designed to spy on iPhones was found lurking on the digital communications of a Middle Eastern human rights activist last summer, Apple moved quickly to provide an iOS update that ultimately patched multiple backdoors.
The spyware, dubbed Pegasus, had been designed by an Israeli defense contractor named NSO Group. Pegasus allowed attackers to remotely exfiltrate data related to a device’s browsing history, emails, text messages, contact lists, photos and more. Pegasus similarly targeted kernel privileges and led to arbitrary code execution.