Apple Patches Zero-Day on iPhones, iPads and Mac

Last Monday, Feb. 13, Apple released updates for many of its devices. For iPhones and iPads, Apple shipped iOS 16.3.1, while for Macs, the company released macOS 13.2.1. That “.1” at the end of each update name indicates that each is not here to deliver fun new features or deliver major surface-level changes. Rather, these updates were pushed for one
February 20, 2023
 / 
meritsolutions
 / 
Image

Last Monday, Feb. 13, Apple released updates for many of its devices. For iPhones and iPads, Apple shipped iOS 16.3.1, while for Macs, the company released macOS 13.2.1. That “.1” at the end of each update name indicates that each is not here to deliver fun new features or deliver major surface-level changes. Rather, these updates were pushed for one major reason: to patch a new zero-day vulnerability.

You wouldn’t know it from Apple’s release notes, however. When you opened the update on your device, the company only listed the bug fixes each update patched. To many, the 16.3.1 and 13.2.1 updates were nothing more than a mild stability update, worth ignoring until a better, more intriguing update came around.

However, if you take a look at the bottom of the release notes, you’ll see a link to Apple’s official security updates page. For some reason, the company doesn’t include the security information with the release notes for each update, and instead makes you visit a separate site to learn more. Unless you are curious, you’re probably not clicking this link, and are therefore unaware of which security vulnerabilities, if any, were patched with this latest update.

If you clicked the link on these latest updates, you’d find a WebKit vulnerability tracked as CVE-2023-23529. According to the security report, this vulnerability could lead to arbitrary code execution when the user processes malicious web content. In short, a bad actor could trick you into clicking a malicious link, then run whatever code they wanted to on your iPhone, iPad, or Mac.

As such, arbitrary code execution vulnerabilities are bad news. Even worse, this vulnerability is an actively-exploited zero-day, meaning bad actors were taking advantage of it to attack Apple users. These updates should not be ignored.

Affected devices include iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, as well as any Mac running macOS 13 Ventura. If you have a vulnerable iPhone, iPad, or Mac, you should update it as soon as possible.

You can update an iPhone or iPad from Settings > General > Software Update. You can update a Mac on macOS Ventura from System Settings > General > Software Update.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.