Apple has released software updates, iOS 16.6.1 and iPadOS 16.6.1, to address two severe vulnerabilities in their mobile operating systems. These vulnerabilities have been labeled as zero-day vulnerabilities because they were exploited by a spyware called Pegasus, developed by NSO Group.

One of the vulnerabilities allows attackers to execute arbitrary code by manipulating a specially crafted image. Apple has received reports that this flaw has been actively exploited in real-world attacks. This means it is a serious threat to the security of your newer iPhones and iPads.

The security researchers at the University of Toronto's Munk School Citizen Lab, who discovered this vulnerability, have named it the ‘Blastpass Exploit Chain.’ It has the ability to compromise iPhones running the latest version of iOS (16.6) without requiring any action from the user. In one instance, the vulnerability was used to deliver the infamous Pegasus spyware to a device owned by an employee of a civil society organization based in Washington DC.

The iOS 16.6.1 patch also addresses another critical bug that may have been actively exploited. This bug could allow hackers to take control of someone's phone by sending them a specially crafted attachment. It affects newer iPhones and iPads as well.

To protect your devices and personal data, Apple strongly recommends updating your iPhone or iPad to the latest software version, iOS 16.6.1 or iPadOS 16.6.1. These updates contain essential security fixes that will help safeguard your device from these vulnerabilities.

To update your device:

1. Go to the "Settings" app on your iPhone or iPad.

2. Scroll down and tap on "General."

3. Select "Software Update."

4. If the update is available, tap "Download and Install."

5. Follow the on-screen prompts to complete the installation process.

Cybercriminals may attempt to exploit these vulnerabilities before users can apply the fix, so exercise extra vigilance while browsing the internet or opening files.