Security Researchers Delve Into Major Vulnerability Patched in iOS 16.3 and macOS 13.2

With almost every iOS and macOS update, Apple includes a host of security improvements to address major vulnerabilities. iOS 16.3 and macOS Ventura 13.2, released back in January, were no exception. Both updates included fixes for a long list of issues, including two that were highlighted today in a report from Trellix.

iOS 16
Trellix Advanced Research Center discovered a new class of privilege execution bugs within iOS and macOS, which could be exploited to delve into an iPhone or Mac user's messages, location data, photos, call history, and more.

In a blog post highlighting how the bug was found, Trellix explains how mitigations that Apple introduced for the FORCEDENTRY zero-click exploit in September 2021 could by bypassed, allowing for a "huge range of potential vulnerabilities."

Trellix found its first vulnerability in the coreduetd process, which could be used to give an attacker access to a person's calendar, address book, and photos. Vulnerabilities in OSLogService and NSPredicate were able to be exploited to achieve code execution within Springboard, providing attackers access to the camera, microphone, call history, and more.

Data about these vulnerabilities was relayed to Apple, and the company fixed the exploits in iOS 16.3 and macOS 13.2 Ventura. Security support documents for both updates were refreshed yesterday to reflect the addition of the patches.

Trellix is credited with two vulnerabilities (CVE-2023-23530 and CVE-2023-23531) that Apple patched with improved memory handling. Trellix said that it thanks Apple for working quickly to fix the issues.

Top Rated Comments

Realityck Avatar
4 weeks ago

apple stans in panic mode after realizing the walled garden is useless
MacOS is not a walled garden.
Score: 31 Votes (Like | Disagree)
NT1440 Avatar
4 weeks ago

It's us users who pay the price for Apple's recent lack of software quality
Show me one piece of software that doesn’t have bugs and I’ll show you a piece of software that just hasn’t been examined enough.

This is the world of modern software, millions of interacting libraries, improper error checking in places that no one should be able to get to but a different exploit was found to allow for it, etc.

This isn’t an obvious “password is in plaintext” kind of security flaw. This is a chain of flaws. This is how the world works now.
Score: 30 Votes (Like | Disagree)
I7guy Avatar
4 weeks ago
I guess according every other vendor in the world writes code that is 100% bug free with no vulnerabilities.:rolleyes:
Score: 28 Votes (Like | Disagree)
madmin Avatar
4 weeks ago
It's us users who pay the price for Apple's recent lack of software quality
Score: 22 Votes (Like | Disagree)
rgwebb Avatar
4 weeks ago

It's us users who pay the price for Apple's recent lack of software quality
Weird takeaway from a story about Apple rapidly responding to a white hat security team's notification of vulnerabilities.
Score: 20 Votes (Like | Disagree)
citysnaps Avatar
4 weeks ago

I guess according every other vendor in the world writes code that is 100% bug free with no vulnerabilities.:rolleyes:
It's astonishing so many people believe that's true.

Apparently everything else in their lives marches to 100.0% perfection 100.0% of the time.
Score: 17 Votes (Like | Disagree)

Popular Stories

iOS 16

iOS 16.4 for iPhone Nearing Launch With These 5 New Features

Monday March 20, 2023 11:50 am PDT by
Apple says iOS 16.4 is coming in the spring, which began this week. In his Sunday newsletter, Bloomberg's Mark Gurman said the update should be released "in the next three weeks or so," meaning a public release is likely in late March or early April. iOS 16.4 remains in beta testing and introduces a handful of new features and changes for the iPhone. Below, we have recapped five new features ...
iPhone 15 Pro Buttons CAD Leak

iPhone 15 Pro Leak Reveals Unified Volume Button and Mute Button

Monday March 20, 2023 8:33 am PDT by
As previously rumored, the next-generation iPhone 15 Pro and iPhone 15 Pro Max will feature a unified volume button and a mute button, according to leaked CAD images shared in a video on the Chinese version of TikTok and posted to Twitter by ShrimpApplePro. Instead of separate buttons for volume up and volume down, the iPhone 15 Pro models are expected to have a single elongated button for...
voice isolation

iOS 16.4 Adds Voice Isolation for Cellular Phone Calls

Tuesday March 21, 2023 11:01 am PDT by
The iOS 16.4 update that is set to be released to the public in the near future includes voice isolation for cellular calls, according to notes that Apple shared today. Apple says that Voice Isolation will prioritize your voice and block out the ambient noise around you, making for clearer phone calls where you can better hear the person you're chatting with and vice versa. Voice...
airpodsd 3 purple 4

iOS 16.4 Seemingly References New AirPods and AirPods Case

Tuesday March 21, 2023 11:43 am PDT by
The iOS 16.4 release candidate version that was provided to developers today appears to hint at a new set of AirPods that could be coming in the near future. According to @aaronp613, the beta features references to AirPods that have a model number of A3048 and an AirPods case with a model number of A2968. There have been no rumors that new AirPods are on the horizon, and it is early for...
maxresdefault

Nothing Launches $149 Ear (2) Wireless Earbuds to Compete With AirPods Pro 2

Wednesday March 22, 2023 9:48 am PDT by
Nothing today announced the launch of its second-generation wireless earbuds, the Nothing Ear (2), which offer many of the same features as Apple's AirPods Pro 2 at a lower price point. We went hands-on with the Ear (2) earbuds to see whether they're a viable alternative to the AirPods Pro 2 for those who want to save some cash. The Ear (2) earbuds are the successor to the Nothing Ear (1),...
iOS 16

Apple Seeds Release Candidate Versions of iOS 16.4 and iPadOS 16.4 to Developers [Update: Public RC Available]

Tuesday March 21, 2023 10:25 am PDT by
Apple today seeded the release candidate versions of upcoming iOS 16.4 and iPadOS 16.4 updates to developers for testing purposes, with the software coming a week after the launch of the fourth betas. The RCs mark the final version of the software that will be provided to the public in the near future. Registered developers are able to download the iOS 16.4 and iPadOS 16.4 updates...
apple park at night 1

Apple 'Tracking Employee Attendance' in Crackdown on Remote Working

Thursday March 23, 2023 3:41 am PDT by
Apple is tracking the attendance of its employees at offices using badge records in order to ensure they are coming in at least three times a week, according to Platformer's Zoë Schiffer. Since April 2022, Apple employees have been operating on a hybrid home/office work policy as part of a gradual return strategy following the pandemic, with staff required to work from the office at least...
iphone 14 pro max deep purple feature purple

iPhone 15 Pro Rumor Recap: 10 New Features and Changes to Expect

Thursday March 23, 2023 6:42 am PDT by
While the iPhone 15 series is still around six months away from launching, there have already been plenty of rumors about the devices. Many new features and changes have been rumored for the iPhone 15 Pro and iPhone 15 Pro Max in particular. Below, we have recapped 10 changes rumored for iPhone 15 Pro models that are not expected to be available on the standard iPhone 15 and iPhone 15 Plus:A1...