Technology

Apple discloses several more security exploits patched in iOS 16.3, macOS 13.2

By Scott Marlette

When you updated your iPhone to iOS 16.3 last month, you got a few new features, including support for the new HomePod, and a dozen security updates. As it turns out, there were actually 15 security updates—Apple just didn’t tell us about three of them until this week.

It’s not clear why Apple didn’t disclose the updates, which were also part of macOS 13.2, until February 20, but Apple says it “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.” Apple also revealed a previously undisclosed security patch in iOS 16.3.1 and macOS 13.2.1 this week.

In two of the updates, an app may be able to execute arbitrary code on your device. Here are the details of the three new fixes:

Crash Reporter

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
  • Impact: A user may be able to read arbitrary files as root
  • Description: A race condition was addressed with additional validation.
  • CVE-2023-23520: Cees Elzinga

Foundation

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
  • Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC

Foundation

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later; macOS Ventura
  • Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC

If you haven’t updated to iOS 16.3, Apple is no longer signing it, which means you’ll have to update to iOS 16.3.1, which will include the fixes and features from iOS 16.3.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Scott Marlette 132879 posts 0 comments
More Stories

Will OnePlus 13 outpace Xiaomi with the first Snapdragon 8…

Google to appeal Play Store ruling | Computer Weekly

Smart charger aims to ease grid stress from EVs

1 of 69,748