Apple releases iOS 16.3.1, iPadOS 16.3.1, macOS 13.2.1 updates with critical security fix for actively exploited issue
Apple has released the iOS 16.3.1, iPadOS 16.3.1, macOS 13.2.1 updates for its devices. All three updates include a critical security fix for a flaw that may have been exploited in the wild.
Apple fixes actively exploited security issue in Safari
A security vulnerability in WebKit could allow attackers to remotely execute code through malicious web pages. The issue has been referenced as CVE-2023-23529. Apple states that the security flaw may have been actively exploited by hackers. It fixed the problem by addressing a type confusion issue with improved checks.
The release notes for Safari 16.3.1 mentions that the vulnerability has also been patched in macOS Big Sur and macOS Monterey. You can update to the latest version of the browser from the System Preferences page on your Mac.
A second security bug in iOS 16.3.1, iPadOS 16.3.1 and macOS 13.2.1 was related to the Kernel in the operating systems. Hackers could use an app with kernel privileges to execute arbitrary code. The issue, which was discovered by Google Project Zero's Ned Williamson and Xinru Chi of Pangu Lab, has been tracked as CVE-2023-23514. It's funny how Pangu went from jail breaking iOS to reporting vulnerabilities that could have been exploited for the same. The zero-day vulnerability was patched by improving the memory management of the OS. Apple has credited The Citizen Lab at The University of Toronto’s Munk School for assisting them with fixing the security loopholes.
macOS Ventura 13.2.1 has a third security patch, this time for the Shortcuts app, a bug found in it could have allowed apps to observe unprotected data. The flaw which is tracked as CVE-2023-23522 was reported by Wenchao Li and Xiaolong Bai of Alibaba Group. Apple improved the handling of temporary files to address the privacy issue.
The iOS 16.3.1 update is available for the iPhone 8 and later. The iPadOS 16.3.1 update has been released for the iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Other fixes in iOS 16.3.1
iOS 16.3.1 fixes an issue with the iCloud Settings, which could stop responding or not display correctly if apps were using iCloud. This likely address the complaints from users being unable to use iCloud Backups too. Apple has patched Siri requests for the Find My feature. The update includes crash Detection optimizations on iPhone 14 and iPhone 14 Pro models. It is unclear what exactly has been fixed, but there have been numerous problems since the feature debuted, the most common complaint were false reports when users were skiing, or were on a roller coaster, etc.
Reports from users suggest that Google Photos is not working on the latest version of iOS, the app just crashes when you try to open it.
Apple has also released tvOS 16.3.2 and audioOS 16.3.2 and watchOS 9.3.1 for eligible devices. The HomePod OS 16.3.2 update fixes a bug related to Siri, where asking it to control smart home accessories may fail. The release notes say that the update also includes general performance and stability improvements.
The iOS 16.4 beta has long been awaited by users, and now that iOS 16.3.1 is out, we can expect the new beta to land soon. Among other features, it is expected to bring a new HomeKit architecture.
Had many issues with the 16.3.1 update – breaking some Mac M1 machines only booting into recovery mode. System Integrity Protection required to be disabled to allow the device to boot.