Everything New in IOS 16.3

Posted on by

It’s time to upgrade your iPhone! If your iPhone is compatible with iOS 16 , i.e. iPhone 8 or later, you can download and install iOS 16.3 right now. From a major security update to some nasty bug fixes, this latest iOS update should be of interest to every iPhone owner.

New wallpapers for iOS and watchOS

The first change listed is the new Unity wallpaper ahead of Black History Month. You can see the new wallpaper in this post from last week’s Apple newsroom, which also highlights the matching watch face and band for the Apple Watch.

Setting up a physical security key

As part of your account security update, you will now be able to use a physical security key for your Apple ID, a separate device used to authenticate you when you sign in to your account. If you set it up, you’ll need to provide both two-factor authentication and a physical security key when you sign in to your Apple ID on new devices. This makes signing in a bit more cumbersome, but that’s the point: attackers won’t be able to sign into your account on other devices without this physical key in hand.

Apple recommends YubiKey 5C NFC , YubiKey 5Ci , or FEITAN ePass K9 NFC USB-A dongles , but any FIDO-certified security dongle will do. Just be mindful of port compatibility: Since the iPhone still has a Lightning port, you’ll need a security dongle that supports Lightning or wireless via NFC, or you’ll need an adapter to connect your iPhone to the dongle. You can learn more about unlocking your Apple ID with a physical security key on the Apple Support page .

Stop Random 911 Calls on Your iPhone

You also no longer have to worry about accidental emergency calls . Apple will now require you to not only hold down the side button with the volume up or down button; you also need to release the buttons before making a call. Previously, you could keep these buttons pressed after the shutdown screen to trigger an emergency SOS call. While this was helpful, it was responsible for more than a few random 911 calls, so this change should help make it harder to make one of those calls without intent.

iOS 16.3 also fixes these bugs.

While new features are great, I prefer Apple to focus on stability. In iOS 16.3, we have six identified bugs that are expected to go away after the update:

  • Apple fixed an issue in Freeform, the company’s new infinite whiteboard app, that caused some drawing strokes created with the Apple Pencil or your finger to not show up on shared whiteboards.
  • Your wallpaper should no longer appear black on the lock screen.
  • You should not see temporary horizontal lines appear when you wake up your iPhone 14 Pro Max.
  • The Home Lock Screen widget should now accurately display the status of the Home app.
  • Siri should now correctly respond to music requests every time.
  • Siri requests in CarPlay should also work as expected.

Security updates in iOS 16.3

iOS 16.3 also fixes some nasty security vulnerabilities. Maps and weather had flaws that could allow attackers to bypass privacy settings, and two WebKit vulnerabilities could allow arbitrary code execution (that is, attackers could run any code they want on your system). You can see all 12 security patches Apple recognizes below:

AppleMobileFileIntegrity

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. The app can access the user’s sensitive data.
  • Description. This issue was addressed by enabling the hardened runtime.
  • CVE-2023-23499 : Wojciech Regula (@_r3ggi) of SecuRing (wojciechregula.blog)

ImageIO

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. Image processing may result in a denial of service.
  • Description. A memory corruption issue was addressed with improved state management.
  • CVE-2023-23519: Yigit Can YILMAZ (@yilmazcanyigit)

nucleus

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. An application could pass confidential kernel state.
  • Description. This issue was addressed through improved memory handling.
  • CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. LLC (@starlabs_sg)

nucleus

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. An application can determine the structure of kernel memory.
  • Description. An information disclosure issue was addressed by removing the vulnerable code.
  • CVE-2023-23502 : Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. LLC (@starlabs_sg)

nucleus

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. An application can execute arbitrary code with kernel privileges.
  • Description. This issue was addressed through improved memory handling.
  • CVE-2023-23504 : Adam Dope of ASU SEFCOM

Mail drafts

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. The quoted original message could have been selected from the wrong email address when forwarding the email message from an Exchange account.
  • Description. A logic issue was addressed with improved state management.
  • CVE-2023-23498: Anonymous Researcher

Cards

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. The app may have bypassed privacy settings.
  • Description. A logic issue was addressed with improved state management.
  • CVE-2023-23503: Anonymous Researcher

Safari

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. Visiting the website may result in a denial of service for the application.
  • Description. This issue was addressed through improved handling of caches.
  • CVE-2023-23512: Raci Adriatic

screen time

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. The application can access the user’s contact information.
  • Description. A privacy issue was addressed with improved editing of personal information for journal entries.
  • CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

Weather

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. The app may have bypassed privacy settings.
  • Description. This issue was addressed through improved memory handling.
  • CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), researcher anonymous

webkit

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. Processing maliciously crafted web content may lead to arbitrary code execution.
  • Description. This issue was addressed with improved checks.
  • WebKit Bugzilla: 245464 – CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren, and Hang Shu of the Institute of Computing Technology, Chinese Academy of Sciences.

webkit

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact. Processing maliciously crafted web content may lead to arbitrary code execution.
  • Description. This issue was addressed through improved memory handling.
  • WebKit Bugzilla: 248268 – CVE-2023-23518: Choi Young Hyun (@hyeon101010), Park Hyun (@tree_segment), Jeong Seok (@_seokjeon), Ahn Young Sung (@_ZeroSung), Bae Jun Seo Bae (@snakebjs0107), Lee Do Hyun ( @l33d0hyun) from the ApplePIE team
  • WebKit Bugzilla: 248268 – CVE-2023-23517: Younghyun Choi (@hyeon101010), Hyeon Park (@tree_segment), Seok Jeong (@_seokjeon), Ahn Youngsung (@_ZeroSung), Junseo Bae (@snakebjs0107), Lee Dohyun (@ l33d0hyun) from the ApplePIE team

Finally, with iOS 16.3, your iPhone now officially supports the second generation HomePod that Apple announced last week.

More…

0
Apple

Leave a Reply