Apple reveals it patched even more security flaws than previously thought

Apple has admitted that its latest iOS and iPadOS 16.3 update addressed several more vulnerabilities than the company initially reported.

The change was spotted by AppleDB contributor Aaron, who noted in a recently posted tweet that Apple had added a new Common Vulnerabilities and Exposures (CVE) entry for iOS 16.3.1, as well as three additional CVEs for iOS 16.3, released earlier this year, to the list of security flaws that the company has patched.

For iOS 16.3.1, Apple now says it also fixed a “maliciously crafted certificate” vulnerability that allowed threat actors to initiate denial-of-service (DoS) attacks. The flaw was fixed with “improved input validation”, Apple said.

No explanations

As for iOS 16.3, one of the flaws allowed threat actors to read arbitrary files as root. The other two were related to Foundation, and could allow threat actors to bypass the app sandbox and run arbitrary code on the endpoints with elevated privileges.

Apple gave no explanation for why it failed to list these vulnerabilities before. For all we know, it might just be an erroneous omission. Whatever the reason, iOS and iPadOS devices running the 16.3.1 version are safe from all of them, so it’s worth updating as quickly as possible.

For macOS 13.2.1 and iOS 16.3.1, Apple also addressed a WebKit vulnerability allegedly being exploited in the wild, 9To5Mac reported. The full breakdown of all the vulnerabilities patched in the latest versions of iOS can be found on this link.

iOS 16.3 was released on January 23, 2023, with Advanced Data Protection, Security Keys, new wallpapers, and support for the HomePod 2.

It's a release that brings improvements to many apps, from a redesigned Home app for your smart appliances to better privacy features, and a big focus on the lock screen, with new fonts, colors and themes to choose from.

Via: 9To5Mac

Sead Fadilpašić
