
Apple discloses several additional security exploits patched in iOS 16.3, macOS 13.2
When you updated your iPhone to iOS 16.3 last month, you got a few new features, including support for the new HomePod, and a dozen security updates. As it turns out, there were actually 15 security updates—Apple just didn’t tell us about three of them until this week.
It’s not clear why Apple didn’t disclose the updates, which were also part of macOS 13.2, until February 20, but Apple says it “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.” Apple also revealed a previously undisclosed security patch in iOS 16.3.1 and macOS 13.2.1 this week.
In two of the updates, an app may be able to execute arbitrary code on your system. Here are the details of the three new fixes:
Crash Reporter
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
- Impact: A user may be able to read arbitrary files as root
- Description: A race condition was addressed with additional validation.
- CVE-2023-23520: Cees Elzinga
Foundation
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
- Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
- Description: The issue was addressed with improved memory handling.
- CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC
Foundation
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
- Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
- Description: The issue was addressed with improved memory handling.
- CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC
If you haven’t updated to iOS 16.3, Apple is no longer signing it, which means you’ll need to update to iOS 16.3.1, which will include the fixes and features from iOS 16.3.