Apple’s updated security reports show the iPhone had more vulnerabilities than first revealed

The iOS 16.3.1 update also fixed a vulnerability in the Kernel that could allow an app to execute arbitrary code with kernel privileges. Apple patched this flaw with improved memory management.
Today, Apple belatedly added another vulnerability (CVE-2023-23524) that was patched by iOS 16.3.1 and iPadOS 16.3.1. This flaw could have allowed an attacker to get an iPhone or iPad to process a “maliciously crafted certificate,” which would lead to a denial-of-service (DoS) attack. These attacks flood the network with bogus traffic, causing a crash and preventing legitimate users from accessing the information they need or completing the actions they were trying to accomplish. Apple fixed the flaw with “improved input validation.”

Per 9to5Google, Apple went back to the iOS 16.3 and iPadOS 16.3 security content support page and added three new flaws that were patched with iOS 16.3 and iPadOS 16.3. One, CVE-2023-23520, was found in the iOS Crash Reporter and could allow attackers to read arbitrary files as root. Two other vulnerabilities, CVE-2023-23530 and CVE-2023-23531, were also added to the security content support page.
Both of these flaws were found in the iPhone and iPad’s Foundation framework, which Apple says “provides a base layer of functionality for apps and frameworks, including data storage and persistence, text processing, date and time calculations, sorting and filtering, and networking.” With improved memory handling, Apple was able to patch the vulnerabilities, which could have allowed an app “to execute arbitrary code out of its sandbox or with certain elevated privileges.”

A sandbox for an app restricts an app from obtaining or changing files used by other apps. It also prevents apps from making changes to a device. Allowing an app to execute commands out of its sandbox could be extremely dangerous and might allow an attacker to gain complete control over an iPhone or iPad.

To make sure that you’ve downloaded the latest software on your phone, go to General > Software Update and follow the directions.
