iOS 16.3. macOS 13.2 Updates Included Patches for Major Vulnerabilities Detected by Security Researcher

The security vulnerabilities could allow malicious applications to access users' personal information.

Written by David Delima | Updated: 24 February 2023 15:56 IST

iOS 16.3. macOS 13.2 Updates Included Patches for Major Vulnerabilities Detected by Security Researcher

Photo Credit: Reuters

Users who have updated to iOS 16.3 and macOS 13.2 should be safe

Highlights

iOS 16.3 and macOS 13.2 were released in January
Both operating systems included patches for two major security flaws
Attackers could use these flaws to access users' personal information

Apple fixed two major security vulnerabilities with iOS 16.3 and macOS 13.2 for supported iPhone, iPad and Mac models, according to details shared by a security research firm. These updates were rolled out to users last month, and came with important bug fixes and security patches. Apple has credited the researchers with finding these flaws, that allowed a remote user to bypass protections put in place by Apple and gain access to a user's personal data as well as their camera, microphone, and call history.

Security research firm Trellix explains in a blog post that Apple introduced security fixes to block the ForcedEntry security exploit used by NSO Group, creator of the nefarious Pegasus malware, in 2021. However, the firm found that these security protections could be bypassed by a remote user, and reported the flaws to Apple.

Apple is said to have used a protocol called NSPredicateVisitor to shore up the security of its NSPredicate tool, that is used by developers to filter code. Exploits like ForcedEntry would be able to bypass that mechanism to gain access to the user's device.

Apple Rolls Out Software Updates With Security Fixes for Older Devices

An attacker could use the security flaw to bypass the sandbox that prevents one app from accessing data of other apps on the device, as well as sensitive or personal information, according to the security firm. These could include messages, call logs, photos, location details, as well as smartphone hardware such as the camera and microphone.

However, there appears to be no evidence that these flaws have been exploited by malicious actors. Meanwhile, users who have updated their devices to the latest version of iOS and macOS should be protected from these security flaws, according to Trellix.

Apple has also updated its release notes for iOS 16.3 and macOS 13.2, and both documents credit Trellix Senior Security Researcher Austin Emmitt with identifying two security flaws — CVE-2023-23530 and CVE-2023-23531 — on the mobile and desktop operating systems. Meanwhile, Trellix has thanked Apple for working quickly with the firm to resolve both security flaws.

Chrome Will Soon Protect Your Saved Passwords With Your Fingerprint

Is the new expensive 10th generation iPad worth buying instead of its predecessor? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Apple, Security Flaws, iOS, macOS

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More