Last week, Apple released a flurry of small updates to its various operating systems, most notably iOS 16.3.1, which included a particularly nasty vulnerability that had been exploited by hackers. Now Apple has revised its security content document to include another patch for a scary bug.
The vulnerability, which was also patched in macOS 13.2.1, tvOS 16.3.1, and watchOS 9.3.1 per Monday’s updated CVE entries, is a denial-of-service issue that was discovered by a researcher on the Google Chrome team:
Security
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
- Impact: Processing a maliciously crafted certificate may lead to a denial-of-service
- Description: A denial-of-service issue was addressed with improved input validation.
- CVE-2023-23524: David Benjamin of Google Chrome
The vulnerability presumably hasn’t been exploited in the wild, but it’s serious enough for Apple to have waited a week to disclose its contents. Apple says it doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.
Author: Michael Simon, Executive Editor
Michael Simon has been covering Apple since the iPod was the iWalk. His obsession with technology goes back to his first PC—the IBM Thinkpad with the lift-up keyboard for swapping out the drive. He's still waiting for that to come back in style tbh.