September 22, 2023

iOS 16.6.1 and iOS 17.0


Lookout Coverage and Recommendation for Admins

Lookout provides multilayered protection for devices that are exploitable through multiple vectors and could be compromised. To ensure your devices aren’t exposed through the vulnerabilities in iOS 16.6.1 and earlier, Lookout admins should set the default OS Out of Date policy to have a minimum iOS version of 17.0.1 for applicable models. They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until iOS is updated.

In addition to requiring a minimum OS, admins should enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that are built to exploit these vulnerabilities in order to phish credentials or deliver malicious apps to the device. Finally, Lookout will detect if an attacker is successfully able to compromise the device at the OS level. 


Apple recently released two software updates for iOS and iPadOS: 16.7 and 17.0.1. These versions contain important security patches for vulnerabilities for which Apple has reports of exploitation in the wild. The three vulnerabilities listed below form an exploit chain and are also known to install Cytrox’s Predator spyware.

  1. CVE-2023-41992: a kernel vulnerability which could result in privilege escalation for a local attacker
  2. CVE-2023-41991: a security vulnerability where a malicious app can bypass signature validation
  3. CVE-2023-41993: a WebKit vulnerability allowing execution of arbitrary code while processing web content

The latest version of iOS is 16.7 for iPhone 8 and later, whereas version 17.0.1 is for iPhone XS and later.
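Because the fixed releases sit on two branches, a single "minimum version" comparison can misjudge a device: 17.0 sorts above 16.7 yet is unpatched. The following added example (not Lookout's or Apple's code) classifies a constructed device inventory against the versions stated above; the field names, device names and the `supports_ios17` flag are assumptions.

```python
# Added example. Inventory rows are constructed; field names are assumptions.
PATCHED_16 = (16, 7, 0)   # fixed release on the iOS 16 branch (iPhone 8 and later)
PATCHED_17 = (17, 0, 1)   # fixed release on the iOS 17 branch (iPhone XS and later)


def parse_version(text):
    """Turn '16.7' or '17.0.1' into a 3-tuple so '16.7' equals '16.7.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected iOS version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_patched(version):
    """Branch-aware check: compare against the fix for the version's own branch."""
    v = parse_version(version)
    if v[0] >= 17:
        return v >= PATCHED_17
    return v >= PATCHED_16  # 16.6.1 and earlier fail here


def classify(device):
    """Return 'vulnerable', 'patched-below-policy-minimum' or 'compliant'."""
    if not is_patched(device["os_version"]):
        return "vulnerable"
    # The 17.0.1 policy minimum applies only to models that can install iOS 17.
    if device["supports_ios17"] and parse_version(device["os_version"]) < PATCHED_17:
        return "patched-below-policy-minimum"
    return "compliant"


def audit(inventory):
    """Map each device name to its classification."""
    return {d["name"]: classify(d) for d in inventory}


# Constructed sample inventory (hypothetical device names).
INVENTORY = [
    {"name": "sales-01", "os_version": "16.6.1", "supports_ios17": False},
    {"name": "sales-02", "os_version": "16.7", "supports_ios17": False},
    {"name": "eng-01", "os_version": "16.7", "supports_ios17": True},
    {"name": "eng-02", "os_version": "17.0", "supports_ios17": True},
    {"name": "eng-03", "os_version": "17.0.1", "supports_ios17": True},
]

if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name:10} {status}")
```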

Lookout Analysis

The two notable aspects of these releases are that the vulnerabilities listed are known to be actively exploited and that the fixes are released for all models of iPhone currently supported by Apple (iPhone 8 and later).

The combination of active exploitation, privilege escalation and remote code execution makes it very important for users to update their OS versions, regardless of the models they are using. We strongly recommend that iPhone and iPad users keep their devices on auto update for OS versions so that security fixes can be applied as soon as they are released. Apple has mentioned that these updates contain patches for additional vulnerabilities and that they will update the details of those in coming days.

It is likely that the WebKit vulnerability can be triggered by processing maliciously crafted web pages, which then provide the attacker with higher privileges. To help protect against this threat and others like it, Lookout takes a multifaceted approach to protect mobile users from malicious phishing campaigns and mobile applications that are built to exploit these vulnerabilities. Lookout has coverage in place for the Predator spyware mentioned above. It will also detect if an attacker is successfully able to compromise the device at the OS level.

Since the original release of this article, CISA guidelines have been updated to mandate that all government agencies update to the latest OS version by October 19th, 2023.


