Apple rolls out iOS 16.5.1 update, fixes security flaws exploited to hack iPhones in Russia STST

Apple on Wednesday rolled out an iOS update for rectifying two security flaws in its iPhones and iPads. The Cupertino-based tech giant carried out the important security fixes via the iOS 16.5.1 update. Apple has credited Russian security software maker Kaspersky Lab for the discovery of the security flaws.

The iOS update has been released after the Russian software firm raised concerns about two security issues, which were exploited to hack devices in Russia.

The issue evolved into a diplomatic row after Russian intelligence blamed the United States for orchestrating an espionage campaign. In May, Russia’s Federal Security Service had alleged that the US government's National Security Agency had hacked thousands of iPhones, according to reports. 

Apple has now confirmed that the recent fixes would safeguard iPhones running iOS 15.7 or older versions, which became outdated in September last year. It is worth noting that the recent versions of iOS already boast of improvements that render them immune to these attacks. Most Apple customers have updated to the company’s latest operating software, iOS 16.

The tech giant has also launched iPadOS 16.5.1 for iPad Pro (all models), iPad Air 3rd generation, iPad 5th generation, iPad mini 5th generation and later.

Security flaws raised by Kaspersky Lab

Three weeks ago, Kaspersky Lab had claimed in its blog post that it had “independently discovered anomalous traffic on its corporate Wi-Fi network around the start of the year.”

The Russian company said that file-stealing malware on iPhones of its employees was implanted. Apparently the attack was carried out by sending an iMessage with a malicious attachment. The user’s phone would be compromised even if he or she did not open the message. The company had further revealed that employees who were running a year-old version of Apple’s iOS were targeted.

However, Kaspersky Lab maintained that it did not have enough evidence to blame the US government or any other group for the breaches.

“While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise,” read Kaspersky Lab’s blog post.