A security vulnerability in WebKit could allow attackers to remotely execute code through malicious web pages. The issue, referenced as CVE‑2023‑23529, was reported by Ghacks.net, and Apple says the flaw may have been actively exploited by hackers. Apple fixed the problem by addressing a type‑confusion issue with improved checks. The release notes for Safari 16.3.1 note that the vulnerability has also been patched in macOS Big Sur and macOS Monterey, and the latest browser version can be installed from the System Preferences page on a Mac.
A second security bug affecting iOS 16.3.1, iPadOS 16.3.1 and macOS 13.2.1 was related to the kernel. Hackers could use an app with kernel privileges to execute arbitrary code. Discovered by Google Project Zero’s Ned Williamson and Xinru Chi of Pangu Lab, the issue is tracked as CVE‑2023‑23514. The zero‑day vulnerability was patched by improving the operating system’s memory management. Apple credited The Citizen Lab at the University of Toronto’s Munk School for assisting with the fix.
macOS Ventura 13.2.1 includes a third security patch for the Shortcuts app. A bug could have allowed apps to observe unprotected data; the flaw is tracked as CVE‑2023‑23522 and was reported by Wenchao Li and Xiaolong Bai of Alibaba Group. Apple addressed the privacy issue by improving the handling of temporary files.
The iOS 16.3.1 update is available for iPhone 8 and later, while iPadOS 16.3.1 is released for all iPad Pro models, iPad Air (3rd generation and later), iPad 5th generation and later, and iPad mini 5th generation and later. iOS 16.3.1 also fixes an iCloud Settings issue that could cause the settings to stop responding or display incorrectly when apps use iCloud, addressing user complaints about iCloud backups. Additionally, Apple has patched Siri requests for the Find My feature and included crash‑detection optimizations for iPhone 14 and iPhone 14 Pro models. The exact changes are unclear, but the update follows numerous problems since the feature’s debut, the most common being false crash reports while users were skiing, on roller coasters, and similar activities.
Comments are closed for this story.