Apple releases update to fix yet another 'bug' — but here's what's raising eyebrows

News
By Kimberly Gedeon
published

Another day, another bug fix ... or is it?

iPhone 14 Pro Max
(Image credit: Laptop Mag)

On Monday, Apple rolled out yet another update for iPhones and iPads to rectify a security flaw. The Cupertino-based tech giant is notoriously vague when it comes to providing details about its patches. 

Apple's release notes about bugs are often indistinguishable, looking no different from the one that came before it, with oft-repeated phrases like "an app may be able to execute arbitrary code with kernel privileges." This is by design, of course. Why would Apple make an article about its own security flaws interesting enough to stimulate media attention?

But every now and then, Apple throws in the ol' "this issue may have been actively exploited" phrase into its release notes, causing tech pundits' to raise their eyebrows.

Apple unveils new updates for iOS, iPadOS

As mentioned, threw in "Apple is aware of a report that this issue may have been actively exploited" in its release notes regarding bug fixes for the iPhone and iPad. In other words, as Engadget pointed out, chances are high that cybercriminals have already took advantage of the issue, making it particularly concerning for all iOS and iPadOS users.

Apple credited an anonymous researcher for discovering the flaw, a "type confusion issue" in the WebKit browser engine that could process "maliciously crafted web content," leading to arbitrary code execution. Apple said that it rectified the issue with improved checks, but didn't delve deeper into the patch.

In addition, Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero discovered a "use after free" issue in the kernel that Apple rectified with improved memory management. 

It's worth noting that Engadget asked Apple for more details on the exploit beyond what was state in the release notes; Apple declined to reveal more.

macOS

iPhones and iPads aren't the only ones getting an update due to security flaws; macOS is on the update menu, too. Once again, researchers at Google Project Zero and Pengu Lab spotted a code-execution issue in the kernel, impelling Apple to release the latest macOS update. There was also a security flaw related to the Shortcuts feature that could expose user data, a bug spotted by Alibaba Group researchers. 

Be sure to update your devices to iOS 16.3.1, iPadOS 16.3.1 and macOS Venture 13.2.1. Affected devices include iPhone 8 and newer, iPad Pro, iPad Air 3 and later, iPad 5 and newer, and iPad mini 5 and later, and macs running macOS Monterey, Big Sur and Ventura.

As The Hacker News pointed out, Apple fixed 10 zero-day vulnerabilities in its software in 2020.

Kimberly Gedeon
Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!