Apple first released its iOS 16.3.1 and iPadOS 16.3.1 updates on the 14th of February to mitigate software vulnerabilities with the potential for zero-day attacks. The company added another vulnerability patch on the 20th of February to prevent DoS attacks.
The first update fixed a vulnerability in the WebKit browser search engine, which could allow attackers to leverage arbitrary code execution to run specific commands on a targeted device. According to the company support pageOpens a new window , this flaw has actually been exploited by malicious actors.
The update also patched another vulnerability allowing actors with kernel privileges to run arbitrary code through apps. The patch included improvements to the OS’s memory management processes.
The latest patch was for a vulnerability, which could allow attackers to start Denial of Service (DoS) attacks by processing illegitimate certificates on the targeted iPad and iPhone devices. Such DoS is carried out by flooding the network with fake web traffic, stopping the actual users from accessing and using the device. The patch involved improvements in the validation of user inputs.
See More: SASE Is Greater than the Sum of its Parts
App Sandboxing Key To Preventing Deeper Device Access for Malicious Actors
The patches for these vulnerabilities involved app sandboxing approaches. While Apple has not released details about the attacks, this new update shows that iPhones were more vulnerable than previously believed.
The sandboxing approach will disallow apps from changing or obtaining files from each other or making changes to devices. Running app commands outside of sandboxes can increase the risk and provide significantly greater levels of access to malicious actors than otherwise.
In January, Apple provided macOS and iOS updates, including two-factor authentication with physical keys and end-to-end iCloud encryption for superior account security.
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!