iOS 16.3, macOS 13.2 Updates Included Patches for Major Vulnerabilities Detected by Security Researcher


Apple fixed two major security vulnerabilities with iOS 16.3 and macOS 13.2 for supported iPhone, iPad and Mac models, according to details shared by a security research firm. These updates were rolled out to users last month, and came with important bug fixes and security patches. Apple has credited the researchers with finding these flaws, which allowed a remote user to bypass protections put in place by Apple and gain access to a user’s personal data as well as their camera, microphone, and call history.

Security research firm Trellix explains in a blog post that Apple introduced security fixes to block the ForcedEntry security exploit used by NSO Group, creator of the nefarious Pegasus malware, in 2021. However, the firm found that these security protections could be bypassed by a remote user, and reported the flaws to Apple. 

Apple is said to have used a protocol called NSPredicateVisitor to shore up the security of its NSPredicate tool, which is used by developers to filter code. Exploits like ForcedEntry would be able to bypass that mechanism to gain access to the user’s device.

An attacker could use the security flaw to bypass the sandbox that prevents one app from accessing data of other apps on the device, as well as sensitive or personal information, according to the security firm. These could include messages, call logs, photos, location details, as well as smartphone hardware such as the camera and microphone. 

However, there appears to be no evidence that these flaws have been exploited by malicious actors. Meanwhile, users who have updated their devices to the latest version of iOS and macOS should be protected from these security flaws, according to Trellix.

Apple has also updated its release notes for iOS 16.3 and macOS 13.2, and both documents credit Trellix Senior Security Researcher Austin Emmitt with identifying two security flaws — CVE-2023-23530 and CVE-2023-23531 — on the mobile and desktop operating systems. Meanwhile, Trellix has thanked Apple for working quickly with the firm to resolve both security flaws. 
