Skip to main content

Apple reveals multiple new security exploits that were patched with iOS 16.3 updates

With the release of iOS 16.3.1 last week, Apple has released multiple security patches for iPhone and iPad users. Although the company had already detailed these patches on its website, Apple has now updated its security webpage to reveal that there are even more exploits that have been fixed with the latest iOS updates.

More security patches listed with iOS 16.3 updates

As noted by Aaron on Twitter, Apple has added a new Common Vulnerabilities and Exposures (CVE) for iOS 16.3.1 and three new CVEs for iOS 16.3, which was released in January.

The new exploit listed by Apple that was patched with iOS 16.3.1 is related to a “maliciously crafted certificate” that could lead to a denial-of-service (DoS) attack, when the attacker floods the device or network with traffic to trigger a crash. Apple says the DoS problem has been fixed with “improved input validation.”

Interestingly, the iOS 16.3 security content webpage has also been updated with three new exploits that were fixed with the update. One of the exploits, which was found in the system’s Crash Reporter, could let attackers read arbitrary files as root. Two other Foundation-related exploits could let attackers execute arbitrary code on the iPhone or iPad with higher privileges, bypassing the app’s sandbox.

Foundation

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC

It’s unclear why exactly Apple didn’t mention such security exploits before. But it’s worth keeping in mind that these vulnerabilities have all been fixed with iOS 16.3.1, which is now available to all users. With macOS 13.2.1 and iOS 16.3.1, Apple also fixed a security breach related to WebKit (the Safari web browser engine) that had been “actively exploited.”

More details about the security content of iOS and other Apple software can be found on Apple’s website.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications