Apple’s operating system updates always have important security patches, which is why we urge users to update as soon as possible. The recent iOS and iPadOS 16.5 update, however, has a unique security patch that is essentially a follow-up to a previous patch.
A report by Jamf released on Monday details the ColdInvite vulnerability, which is filed as CVE-2023-27930 in the CVE Program database. ColdInvite “can be exploited to leverage the co-processor in order to obtain read/write privileges to the kernel,” according to Jamf. A bad actor can use ColdInvite to eventually gain control of the device. This hole was fixed in the 16.5 update.
Interestingly, ColdInvite was discovered because of a previous vulnerability that Apple addressed last year in iOS/iPadOS 15.6.1. This older one (filed as CVE-2022-32894) is called ColdIntro and is also a kernel vulnerability. According to a deep dive analysis posted by Jamf, Apple’s 15.6.1 update “mitigates a specific way for an attacker to escape a co-processor but does not fix the root cause of the underlying vulnerability.” Essentially, 15.6.1 fixed ColdIntro, but Apple didn’t address why ColdIntro was able to exist in the first place. That led to more research and the discovery of ColdInvite.
Jamf notes that iPhone 12 and later models running iOS 14 or later are susceptible to ColdInvite and ColdIntro. The fix is to update to iOS 16.5, though if you depend heavily on Apple’s Lightning to USB 3 Camera Adapter you might want to wait until the bug with that product is fixed or figure out a temporary image-transfer workaround.
It is standard practice for security firms to disclose their findings after they have reported them to the relevant companies and the vulnerabilities have been fixed.
iOS 16.5: How to install
To install iOS 16.5 or iPadOS 16.5 on your iPhone or iPad, head over to the Settings app, tap General, then Software Update. Then tap the Download and Install button and follow the prompts. Your device will need to restart.