The change was spotted by AppleDB contributor Aaron, who in a recently posted tweet noted that Apple had added a new Common Vulnerabilities and Exposures (CVE) for iOS 16.3.1, as well as three additional CVEs for iOS 16.3, released earlier this year to the list of noted security flaws that the company has successfully patched.
For iOS 16.3.1, Apple now said it also fixed a “maliciously crafted certificate” vulnerability that allowed threat actors to initiate denial-of-servie (DoS) attacks. The flaw was fixed with “improved input validation”, Apple said.
As for iOS 16.3, one of the flaws allowed threat actors to read arbitrary files as root. The other two were related to Foundation, and could allow threat actors to bypass the app sandbox and run arbitrary code on the endpoints with elevated privileges.
Apple gave no explanation why it failed to add these vulnerabilities before. For all we know, it might just be an erroneous omission. Whatever the reason, iOS and iPad OS devices running the 16.3.1 version are safe from all of them, so it’s worth updating as quickly as possible.
For macOS 13.2.1 and iOS 16.3.1, Apple also addressed a WebKit vulnerability allegedly being exploited in the wild, 9To5Mac reported. The full breakdown of all the vulnerabilities patched in the latest versions of iOS can be found on this link.
It's a release that brings improvements to many apps, from a redesigned Home app for your smart appliances to better privacy features, and a big focus on the lock screen, with new fonts, colors and themes to choose from.
- Check out the best firewalls right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.