Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Researchers Delve Into Major Vulnerability Patched in iOS 16.3 and macOS 13.2

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,519
37,818


With almost every iOS and macOS update, Apple includes a host of security improvements to address major vulnerabilities. iOS 16.3 and macOS Ventura 13.2, released back in January, were no exception. Both updates included fixes for a long list of issues, including two that were highlighted today in a report from Trellix.

iOS-16.3-Feature.jpg

Trellix Advanced Research Center discovered a new class of privilege execution bugs within iOS and macOS, which could be exploited to delve into an iPhone or Mac user's messages, location data, photos, call history, and more.

In a blog post highlighting how the bug was found, Trellix explains how mitigations that Apple introduced for the FORCEDENTRY zero-click exploit in September 2021 could by bypassed, allowing for a "huge range of potential vulnerabilities."

Trellix found its first vulnerability in the coreduetd process, which could be used to give an attacker access to a person's calendar, address book, and photos. Vulnerabilities in OSLogService and NSPredicate were able to be exploited to achieve code execution within Springboard, providing attackers access to the camera, microphone, call history, and more.

Data about these vulnerabilities was relayed to Apple, and the company fixed the exploits in iOS 16.3 and macOS 13.2 Ventura. Security support documents for both updates were refreshed yesterday to reflect the addition of the patches.

Trellix is credited with two vulnerabilities (CVE-2023-23530 and CVE-2023-23531) that Apple patched with improved memory handling. Trellix said that it thanks Apple for working quickly to fix the issues.

Article Link: Security Researchers Delve Into Major Vulnerability Patched in iOS 16.3 and macOS 13.2
 
Article Link
https://www.macrumors.com/2023/02/21/ios-16-3-security-vulnerability-overview/
  • Love
Reactions: SFjohn
  • Like
Reactions: Glideslope, EmotionalSnow, haruhiko and 11 others
madmin said:
It's us users who pay the price for Apple's recent lack of software quality
Click to expand...
Show me one piece of software that doesn’t have bugs and I’ll show you a piece of software that just hasn’t been examined enough.

This is the world of modern software, millions of interacting libraries, improper error checking in places that no one should be able to get to but a different exploit was found to allow for it, etc.

This isn’t an obvious “password is in plaintext” kind of security flaw. This is a chain of flaws. This is how the world works now.
 
  • Like
  • Love
  • Disagree
Reactions: Shifts, EmotionalSnow, KeithBN and 29 others
Realityck said:
Related

About the security content of iOS 16.3 and iPadOS 16.3 – Apple Support (UK)

This document describes the security content of iOS 16.3 and iPadOS 16.3.
support.apple.com support.apple.com

About the security content of iOS 16.3.1 and iPadOS 16.3.1 – Apple Support (UK)

This document describes the security content of iOS 16.3.1 and iPadOS 16.3.1.
support.apple.com support.apple.com

You can't say Apple and third party software security contributors aren't keeping up with what gets found.
Click to expand...
Compared to the alternative that not only has vulnerabilities with the OS (normal) but also the apps (degrees of safeguards) but also the OS provider harvests user information which is a triple threat.

While Apple is not immune to the first two the third is completely within their control.
 
  • Like
Reactions: Colstan
citysnaps said:
It astonishing so many people apparently believe that's true.

Apparently everything else in their lives marches to 100.0% perfection 100.0% of the time.
Click to expand...
This is full truth.
I wonder how many times I got on my work HP laptop keyboard updates via Windows Update…
Nothing is fully secure, even calculator app might have issues :) (who remember what Apple did to it? )
 
  • Like
Reactions: KeithBN and imnotthewalrus
madmin said:
It's us users who pay the price for Apple's recent lack of software quality
Click to expand...

centauratlas said:
Apple seems to be rushing changes without sufficient engineering and design behind them. One hopes that they are learning from this but I doubt it.
Click to expand...
I'd like to see you guys do better writing code for an impatient world... Either that or point out any significant platform that doesn't have vulnerabilities and problems? or is it that you just don't like Apple for some reason?
 
  • Like
  • Disagree
  • Love
Reactions: b17777, EmotionalSnow, KeithBN and 8 others
madmin said:
It's us users who pay the price for Apple's recent lack of software quality
Click to expand...
This is an article about Apple's rapid response to some serious bugs. And yet the Apple haters appear no matter what.

Do the haters know how hard it can be to write software, especially an OS? And it's so much more complicated and difficult than it was 10 years ago. You want more and more advanced features, and then if there is a bug you folks automatically repeat the same words of hate you use in so many other posts. The haters can't even wait to consider the issue before they condemn the companies that have a bug.

I'd like to learn what the mindset is that makes someone continue to use software/hardware from a company that they hate and have no respect for or confidence in. After all, there are other companies from which you can buy hardware/software. I hear that Microsoft makes perfect software with NO bugs.
 
  • Like
  • Love
  • Disagree
Reactions: KeithBN, inkswamp, Mr Todhunter and 11 others
citysnaps said:
Apparently everything else in their lives marches to 100.0% perfection 100.0% of the time.
Click to expand...

I think people would crap themselves if they were aware of the undiscovered, unpatched and often unknowingly exploited vulnerabilities in their everyday IoT devices: doorbells, refrigerators, cameras, thermostats, etc., etc.

Most people think the only threats are the reported and/or patched vulns in "computers" and "phones". The snake that bites you is the one you don't see.
 
  • Like
Reactions: KeithBN, MacsRgr8, Queen6 and 11 others
roar08 said:
I think people would crap themselves if they were aware of the undiscovered, unpatched and often unknowingly exploited vulnerabilities in their everyday IoT devices: doorbells, refrigerators, cameras, thermostats, etc., etc.

Most people think the only threats are the reported and/or patched vulns in "computers" and "phones". The snake that bites you is the one you don't see.
Click to expand...

Exactly.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back