Apple has issued iOS 15.4.1, along with a warning to update now. That’s because iOS 15.4.1 comes with a single security fix for a major issue that is already being used by adversaries to attack iPhones.
Apple doesn’t give a lot of detail about what’s fixed in iOS 15.4.1, to allow as many iPhones as possible to be updated before more attackers can get hold of the details. According to Apple’s support page, iOS 15.4.1 patches a vulnerability in Apple AVD, which could allow an application to execute arbitrary code with kernel privileges.
Apple says it is “aware of a report that the issue may have been actively exploited”—in other words, adversaries are using the vulnerability to attack iPhones in real-life scenarios.
The impact of the vulnerability fixed in iOS 15.4.1 is “as severe as they come”, says security researcher Sean Wright. “Anything that has the ability to execute commands with kernel privileges allows an attacker to have full control over the device.”
Labeled CVE-2022-22675, the issue fixed in the iOS 15.4.1 emergency update was reported by an anonymous researcher. It comes just two weeks after the release of iOS 15.4, which came with a number of security fixes as well as some major new security and privacy features. One of the most popular iOS 15.4 features was the ability to unlock your iPhone while wearing a mask.
Apple’s iOS 15.4.1 also comes with a fix for a battery drain issue many people had complained about since updating to iOS 15.4. It’s not security related, but running out of battery is an emergency too for the many iPhone users affected by this problem.
At the same time, Apple released macOS Monterey 12.3.1 fixing two Mac security issues in Apple AVD and Intel Graphics Driver.
iOS 15.4.1—Why you should update your iPhone now
There’s no doubt the issue is serious, which makes it important to update your iPhone as soon as you can. What we don’t know is how widely the issue fixed in iOS 15.4.1 is being used—or whether it is a targeted attack against a specific group. This information could emerge in the coming weeks or months, but for now everyone should update their iPhones and iPads to iOS 15.4.1 as soon as they can.
Another reason it’s important to update to iOS 15.4.1 is that Apple used to update phones on iOS 14 with important security fixes. For the last few updates, this has not been the case—if you avoid updating your iPhone, you are leaving it open to attack. This is even worse when the issue is being actively exploited, as is the case with the one fixed in iOS 15.4.1.
In addition, says Wright, be careful about the apps you install—and only install them if you actually intend on using them. “Pay attention to user reviews and permissions to help assess the validity of the app. For example, a flashlight app shouldn’t require permission to access your contacts.”
You’ll need to update to iOS 15.4.1 manually, as Apple doesn’t force automatic updates to iPhones straight away. You know what to do—go to Settings > General > Software Update as soon as you get the chance and update to iOS 15.4.1 to keep your iPhone safe.