
Apple Reveals More Security Holes Patched in iOS 16.3, macOS 13.2

Apple released iOS 16.3 last month, and the update brought several new features along with several security fixes. While 12 of the security fixes were revealed alongside the release of the update, Apple waited until Monday to reveal three more.

It is not clear why Apple didn’t disclose the security fixes (which were also included in the macOS 13.2 update) at the time of the update, but Apple says it “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”

iOS 16.3 and macOS 13.2 Security Updates

The details of the three new fixes are as follows:

Crash Reporter

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user may be able to read arbitrary files as root

Description: A race condition was addressed with additional validation.

CVE-2023-23520: Cees Elzinga

Foundation

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC

Foundation

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC

Other Security Patches

Apple also revealed a previously unreported security patch in iOS 16.3.1 and macOS 13.2.1 this week.

Security

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted certificate may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved input validation.

CVE-2023-23524: David Benjamin of Google Chrome

While Apple is no longer signing iOS 16.3, iOS 16.3.1 is available and it includes the fixes and features from iOS 16.3.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.