
Apple quietly fixed a serious iPhone security exploit in iOS 16.3.1

Published Feb 21st, 2023 8:47AM EST


Last week, Apple released iOS 16.3.1 to all users. While this version brought several features and bug fixes, Twitter user Aaron discovered that Apple recently updated the security notes for this release as well as iOS 16.3.

According to the company, iOS 16.3.1 primarily fixed issues related to iCloud and to Siri requests for the Find My app. Apple also improved its Crash Detection algorithm once again, as it was still suffering from false-positive triggers.

Now, as the new security notes show, iOS 16.3.1 also patched a vulnerability related to a “maliciously crafted certificate” that could lead to a denial-of-service (DoS) attack. Apple says the DoS problem has been fixed with “improved input validation.”

In addition, iOS 16.3, which already fixed important bugs, also had a few more security patches that were not disclosed when it launched almost a month ago. One of them was found in the system’s Crash Reporter, which could let attackers read arbitrary files as root. The other, Foundation-related exploits could allow attackers to execute arbitrary code on the iPhone with higher privileges by bypassing the app’s sandbox.

Foundation

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC

It’s unclear why Apple took so long to announce these security patches for iOS 16.3 and iOS 16.3.1. Interestingly enough, this happened after the media started reporting on developers being able to access users’ locations through Apple Maps even when they didn’t allow the app to do so. Although the company denied it, an independent report showed this bug in action.

Last but not least, it’s worth noting that iOS 16.3 fixed the following bugs:

  • Emergency SOS calls now require holding the side button with the up or down volume button and then releasing it to prevent inadvertent emergency calls;
  • Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards;
  • Addresses an issue where the wallpaper may appear black on the Lock Screen;
  • Fixes an issue where horizontal lines may temporarily appear while waking up iPhone 14 Pro Max;
  • Fixes an issue where the Home Lock Screen widget does not accurately display the Home app status;
  • Addresses an issue where Siri may not respond properly to music requests;
  • Resolves issues where Siri requests in CarPlay may not be understood correctly.
José Adorno Tech News Reporter
