An Apple security fix in iOS 15.6.1 back in August of last year was said to close two major security vulnerabilities, one of which could have allowed a rogue app to execute arbitrary code with kernel privileges (aka do Very Bad Things). But it’s now been revealed that the more serious vulnerability wasn’t closed after all.
Apple did succeed in blocking a specific way of exploiting the vulnerability, but didn’t address the root issue until last week’s iOS 16.5 update, some nine months later …
more…