Skip to Content

Apple Updates Include Fix for iOS Zero-day

On Monday, February 13, Apple released fixes for multiple products, including iOS, macOS, Safari, iPadOS, tvOS, and watchOS. Updates for iOS and iPadOS 16.3.1 and macOS 13.2.1 an actively-exploited arbitrary code execution flaw in WebKit/Safari.

Note

  • The 0-day vulnerability is part of “WebKit”. WebKit is Apple’s open source browser engine that is included in other browsers as well. In addition to the WebKit problem, Apple fixed a privilege escalation issue. This privilege escalation issue could be used to escape the browser sandbox and gain full system access after a executing code via the WebKit vulnerability.
  • Apple reports this is being actively exploited. Given that Apple just released 16.3 (and we’re all still getting that rolled out.) I’d treat this as a zero-day fix and pause 16.3 to push this instead.
  • The Apple security notice is vague; however, it mentions remote code execution at the kernel level and being actively exploited in the wild. It’s not very easily understood yet how reliable or complex the exploit is to re-create, but you should patch it now as it’s actively exploited. There were a couple of reports that Google Photos was not working when the iPhones were patched, but with my own devices, that has not manifested itself. It also takes a long time for this update to go through on both MacOS and certain phones, so expect a good amount of downtime. On MacOS, something like 20-25 minutes on the most recent Intel Macbook Pro seems to be the case.

Read more in

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on pupuweb.com