With the release of iOS 16.3.1 last week, Apple has released multiple security patches for iPhone and iPad users. Although the company had already detailed these patches on its website, Apple has now updated its security webpage to reveal that there are even more exploits that have been fixed with the latest iOS updates.
More security patches listed with iOS 16.3 updates
As noted by Aaron on Twitter, Apple has added a new Common Vulnerabilities and Exposures (CVE) for iOS 16.3.1 and three new CVEs for iOS 16.3, which was released in January.
The new exploit listed by Apple that was patched with iOS 16.3.1 is related to a “maliciously crafted certificate” that could lead to a denial-of-service (DoS) attack, when the attacker floods the device or network with traffic to trigger a crash. Apple says the DoS problem has been fixed with “improved input validation.”
Interestingly, the iOS 16.3 security content webpage has also been updated with three new exploits that were fixed with the update. One of the exploits, which was found in the system’s Crash Reporter, could let attackers read arbitrary files as root. Two other Foundation-related exploits could let attackers execute arbitrary code on the iPhone or iPad with higher privileges, bypassing the app’s sandbox.
Foundation
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC
It’s unclear why exactly Apple didn’t mention such security exploits before. But it’s worth keeping in mind that these vulnerabilities have all been fixed with iOS 16.3.1, which is now available to all users. With macOS 13.2.1 and iOS 16.3.1, Apple also fixed a security breach related to WebKit (the Safari web browser engine) that had been “actively exploited.”
More details about the security content of iOS and other Apple software can be found on Apple’s website.
Author: Filipe Espósito
Source: 9TO5Google