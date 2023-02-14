Apple released updates to iOS 16.3.1 for iPhones, iPadOS 16.3.1 for iPads, and watchOS 9.3.1 for Apple Watches on February 13, 2023. While the company’s smartphone OS doesn’t add anything terribly innovative in terms of functionality, it fixes a few nasty bugs, one of which exposes a critical flaw.

iOS 16.3.1 fixes Webkit type confusion bug that would allow a hacker to execute commands remotely on affected iPhones and iPads. Apple claims that the CVE-2023-23514 flaw is actively exploited by cybercriminals hence the importance of updating your systems if you have not done so yet.

The latter is all the more important when we know that Webkit is the page rendering engine used by applications such as Safari, the App Store or Mail. As Apple still requires Google and Mozilla to use WebKit as a rendering engine, all iPhone and iPad users are at risk of being hacked.

The risk is all the greater since hackers could take control of your device by taking advantage of a another kernel vulnerability that allows applications to execute commands with full privileges. Suffice to say that the general operation of your smartphone may be affected by this flaw. Apple claims to have eliminated this problem by improving the memory management of the OS. In addition, iOS 16.3.1 eliminates a bug that prevented changing iCloud settings, making this service essential in certain situations, completely unusable. Some users were also complaining that they couldn’t open the Find My app on their device’s screen through Siri. This problem is now fixed.

The CVE-2023-23514 flaw is the iOS’s first zero-day flaw in 2023. Of the ten exploits the company had to deal with in 2022, four were directly related to WebKit. Updating your Apple devices under iOS 16.3.1, iPadOS 16.3.1, but also macOS Ventura 13.2.1 is therefore more than recommended.

Source: hacker news