Apple reveals it patched even more security flaws than previously thought
[ad_1]
Apple has admitted that its latest iOS and iPadOS 16.3 update addressed several more vulnerabilities than the company initially reported.
The change was spotted by AppleDB contributor Aaron, who in a recently posted tweet noted that Apple had added a new Common Vulnerabilities and Exposures (CVE) for iOS 16.3.1, as well as three additional CVEs for iOS 16.3, released earlier this year to the list of noted security flaws that the company has successfully patched.
For iOS 16.3.1, Apple now said it also fixed a “maliciously crafted certificate” vulnerability that allowed threat actors to initiate denial-of-servie (DoS) attacks. The flaw was fixed with “improved input validation”, Apple said.
No explanations
As for iOS 16.3, one of the flaws allowed threat actors to read arbitrary files as root. The other two were related to Foundation, and could allow threat actors to bypass the app sandbox and run arbitrary code on the endpoints (opens in new tab) with elevated privileges.
Apple gave no explanation why it failed to add these vulnerabilities before. For all we know, it might just be an erroneous omission. Whatever the reason, iOS and iPad OS devices running the 16.3.1 version are safe from all of them, so it’s worth updating as quickly as possible.
For macOS 13.2.1 and iOS 16.3.1, Apple also addressed a WebKit vulnerability allegedly being exploited in the wild, 9To5Mac reported. The full breakdown of all the vulnerabilities patched in the latest versions of iOS can be found on this link (opens in new tab).
iOS 16.3 was released on January 23, 2023, with Advanced Data Protection, Security Keys (opens in new tab), new wallpapers, and support for the HomePod 2 (opens in new tab).
It’s a release that brings improvements to many apps, from a redesigned Home app for your smart appliances to better privacy features, and a big focus on the lock screen, with new fonts, colors and themes to choose from.
Via: 9To5Mac (opens in new tab)
[ad_2]
Source link