When you updated your iPhone to iOS 16.3 last month, you got a few new features, including support for the new HomePod and a dozen security updates. Turns out there were actually 15 security updates – Apple didn’t tell us about three until this week.
It’s unclear why Apple didn’t disclose the updates, which were also part of macOS 13.2, until February 20, but Apple says it “does not disclose, discuss, or confirm security issues until an investigation has taken place and fixes or versions are available.” Apple also revealed an undisclosed security patch in iOS 16.3.1 and macOS 13.2.1 this week.
Two of the fixes address flaws through which an application may be able to execute arbitrary code on your device. Here are the details of the three newly disclosed fixes:
Crash Reporter
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
- Impact: A user may be able to read arbitrary files as root
- Description: A race condition was handled with additional validation.
- CVE-2023-23520: Cees Elzinga
Foundation
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
- Impact: An application may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
- Description: The issue was addressed through improved memory management.
- CVE-2023-23530: Austin Emmitt, Principal Security Researcher at Trellix ARC
Foundation
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
- Impact: An application may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
- Description: The issue was addressed through improved memory management.
- CVE-2023-23531: Austin Emmitt, Principal Security Researcher at Trellix ARC
Apple is no longer signing iOS 16.3, so if you haven’t updated yet, you’ll need to update to iOS 16.3.1, which includes the iOS 16.3 fixes and features.