You Must Update Your Apple Devices Immediately
Yesterday Apple released new software updates for iPhone (iOS 16.3.1), iPad (iPadOS 16.3.1) and Mac (macOS 13.2.1). If you don’t stay up to date with your software news, you may not see these updates hit your devices, especially since Apple doesn’t send a notification when a new update is available for iOS or iPadOS. But these updates are very important and you should install them as soon as possible.
The thing is, there aren’t any cool custom features in these updates, at least not the ones that Apple has highlighted. This is not like iOS 16.2 with its 11 new features , or even iOS 16.3 which brought some useful changes . However, the security fixes in these updates are more important than most of the new features that Apple could add, making the 16.3.1 and 13.2.1 updates mandatory.
The new updates include critical security fixes.
iOS 16.3.1 and macOS 13.2.1 were released in response to a zero-day vulnerability that hackers used to attack users . Day Zero is linked to a WebKit vulnerability that allows attackers to execute arbitrary code after users click on a malicious link. In short, you click on the wrong link and hackers can run any code on your iPhone, iPad, or Mac.
In addition to fixing this zero day, Apple also fixed a similar issue that allowed attackers to execute arbitrary code with kernel privileges, as well as a macOS shortcut security vulnerability. Apple says core and WebKit flaws affect iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and computers Mac running macOS Ventura. The shortcut vulnerability affects Macs running macOS Ventura.
core
- Impact. An application can execute arbitrary code with kernel privileges.
- Description. An after-free use issue was addressed with improved memory management.
- CVE-2023-23514 : Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero
webkit
- Impact. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description. A type confusion issue was addressed with improved checks.
- WebKit Bug: 251944
- CVE-2023-23529: Anonymous Researcher
Labels
- Impact. The application can monitor unprotected user data.
- Description. A privacy issue was addressed with improved handling of temporary files.
- CVE-2023-23522 : Wenchao Li and Xiaolong Bai of Alibaba Group
Error correction
These updates also fix bugs on your Apple devices. According to the release notes for iOS 16.3.1 and iPadOS 16.3.1, you can expect the following bugs to be fixed on your iPhone or iPad, where applicable:
- iCloud settings may not respond or display correctly if apps use iCloud
- Siri requests for Find My may not work
- Optimized crash detection on iPhone 14 and iPhone 14 Pro models.
Apple hasn’t released release notes for macOS 13.2.1, so we don’t know what bug fixes (if any) are in this latest update. It’s possible that the update only contains security fixes (and that’s okay).
How to update iPhone, iPad and Mac
To update your iPhone or iPad, go to Settings > General > Security Update and follow the onscreen instructions to download and install 16.3.1. To update your Mac, go to System Preferences > Software Update and follow the onscreen instructions to download and install 13.2.1.
If you have automatic updates installed, your device should update itself, but this feature may take longer than it should . For the fastest update, update manually.