When you upgraded your iPhone to iOS 16.3 last month, you got a few new features, including support for the new HomePod, and a dozen security updates. As it turns out, there were actually 15 security updates; Apple just didn't tell us about three of them until this week.
It's not clear why Apple held back the extra updates, which were also part of macOS 13.2, but Apple says it "doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available." Apple also revealed a previously undisclosed security patch in iOS 16.3.1 and macOS 13.2.1 this week. Here are the details of the three fixes:
Crash Reporter
Foundation
In a blog post, Trellix outlines the discovery of the Foundation flaw, which includes "a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS." The bugs originate from the so-called FORCEDENTRY sandbox escape flaw, which exploited Apple's NSPredicate class and was patched in September. According to Trellix, the discovery of the original vulnerability "opened a huge range of potential vulnerabilities that we are still exploring." The researchers say the vulnerabilities could be exploited to gain access to personal data, including messages, location data, call history, and photos.
As the researchers explain, "An attacker with code execution in a process with the proper entitlements, such as Messages or Safari, can send a malicious NSPredicate and execute code with the privileges of this process. This process runs as root on macOS and gives the attacker access to the user's calendar, address book, and photos."
The company says the vulnerabilities "represent a significant breach of the security model of macOS and iOS which relies on individual applications having fine-grained access to the subset of resources they need and querying higher privileged services to get anything else."
If you haven't updated to iOS 16.3, Apple is no longer signing it, which means you'll have to update to iOS 16.3.1, which will include the fixes and features from iOS 16.3.
Update 2/21: Added background from a blog post by Trellix.