Apple iOS 16.5.1 (c) has arrived, along with a warning to update now. That’s because iOS 16.5.1 (c) is an urgent iPhone security update that fixes a flaw already being used in real-life attacks.
The release of iOS 16.5.1 (c) comes after Apple issued iOS 16.5.1 (a) earlier this week, then pulled it again after reports that the update broke websites such as Facebook. The iPhone maker said it would fix the issue before re-releasing the security-only iPhone update, which is now here as iOS 16.5.1 (c).
So what exactly is fixed in iOS 16.5.1 (c) and how does it differ from the usual iPhone updates?
Apple iOS 16.5.1 (c) is a Rapid Security Response Update
Apple’s iOS 16.5.1 (c) is a Rapid Security Response update (RSR)—a new feature added by the iPhone maker in iOS 16 to allow it to quickly fix security issues on the fly. Previously, Apple waited until feature updates before issuing security patches. Although major point updates do include security fixes, Rapid Security Response updates such as iOS 16.5.1 (c) allow it to address major serious flaws in smaller downloads.
It comes as iPhone users are being increasingly targeted with spyware and follows multiple fixes for iOS vulnerabilities already being used in real-life attacks.
Apple iOS 16.5.1 (c) Fixes A WebKit Flaw
As for the fix itself, iOS 16.5.1 (c) patches an issue in WebKit, the engine that underpins Apple’s Safari browser, which could allow an adversary to execute code on an iPhone. Vulnerabilities such as the issue fixed in iOS 16.5.1 (c) are often chained together with other flaws to take control of someone’s iPhone and have been used in spyware attacks.
The vulnerability in WebKit could allow a potential attacker “to gain partial access to a device,” says security researcher Sean Wright. While he concedes this is not as severe as a Kernel-level access, “it still allows an attacker to carry out further attacks on a victim,” Wright warns.
Tracked as CVE-2023-37450, Apple “is aware of a report that this issue may have been actively exploited,” according to a warning on its support page.
Referring to iOS 16.5.1 (c) specifically, the iPhone maker said: “Rapid Security Responses iOS 16.5.1 (c) and iPadOS 16.5.1 (c) include the security content of Rapid Security Responses iOS 16.5.1 (a) and iPadOS 16.5.1 (a) and fix an issue that prevents some websites from displaying properly.”
Why You Should Update To iOS 16.5.1 (c) Now
Currently, we don’t know who attacks using the issue fixed in iOS 16.5.1 (c) targeted. In the past, attacks are often aimed and a specific group of people, such as dissidents, certain businesses, journalists or government related workers. If you fall into this group, the iOS 16.5.1 (c) update is especially urgent.
But at the same time, while Apple doesn’t give much detail about what’s fixed in iOS 16.5.1 (c), to give people as much time to upgrade as possible, attackers could be getting hold of the details. Once that happens, they can use the flaws more widely, making it important that all iPhone users update to iOS 16.5.1 (c) now.
You will need to download and install iOS 16.5.1 (c) manually. Despite the RSR title, all updates can take a while to be applied automatically, even if you have the feature turned on. So you know what to do—load up your Settings > General > Software Update and upgrade to iOS 16.5.1 (c) now to keep your iPhone safe.