iOS 16.3.1—Apple Fixes 2 Security Flaws
BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Google Just Revealed ‘Better Than iPhone’ Update For Pixel Users
Google Confirms Major Gmail AI Security Update For 3 Billion Users
From Promo Codes To Cashback: Ensuring Safe Shopping For Deal Seekers
Yubico Issues YubiKey Security Alert For Windows Users
Google Chrome Warning Suddenly Issued For All Windows Users
Apple’s New iOS 18 AI Plans—What To Know About Data Privacy
Edit Story
ForbesInnovationCybersecurity

iOS 16.3.1—Apple Fixes 2 Security Flaws

Kate O'Flaherty
Senior Contributor
Opinions expressed by Forbes Contributors are their own.
Cybersecurity and privacy journalist
Following

Apple has issued iOS 16.3.1, along with a warning to update now. That’s because iOS 16.3.1 fixes two security flaws, one of which is already being used in real-life attacks.

Apple doesn’t give much detail about what’s fixed in iOS 16.3.1, to give enough time for people to update before more attackers can get hold of the details. According to the limited information on Apple’s support page, the already-exploited flaw is in WebKit, the engine that underpins the iPhone maker’s Safari browser.

Tracked as CVE-2023-23529, the issue fixed in iOS 16.3.1 could allow an attacker to execute code on someone’s iPhone. “Apple is aware of a report that this issue may have been actively exploited,” The iPhone maker added.

Apple iOS 16.3.1 also fixes a second serious security issue in the Kernel at the heart of the iPhone’s operating system. Tracked as CVE-2023-23514, the flaw could allow an attacker to execute arbitrary code with Kernel privileges via an app. Apple is not aware of any reports that the issue has been used in attacks.

The iOS 16.3.1 update comes just weeks after the release of iOS 16.3, which fixed 13 security flaws, including three in WebKit.

MORE FROMFORBES ADVISOR

Best Travel Insurance Companies

By
Amy Danise
Editor

Best Covid-19 Travel Insurance Plans

By
Amy Danise
Editor

Why you should update to iOS 16.3.1

If you are already on iOS 16, you need to update to iOS 16.3.1. as soon as possible. While the exploited bug probably targets a specific group of people, it’s only a matter of time before more attackers use it more widely. The stakes are even higher for businesses and high-profile individuals.

Updating to iOS 16.3.1 as soon as you can is the best way to protect yourself, says independent security researcher Sean Wright. “It’s also theoretically possible to chain the WebKit vulnerability with the Kernel one to gain full access to the device,” he warns. However, there’s no reason to believe this has happened in real-life attacks yet, Wright adds.

If you are on iOS 15 but have an iOS 16-compatible iPhone, now may be the time to update to iOS 16.3.1. While Apple had previously been updating iOS 15 with important security fixes, it is only doing so for older iPhones that can’t upgrade to iOS 16.

The iOS 16 upgrade also comes with some brilliant new iPhone features, many of which are a boost to your security.

The iOS 16.3.1 update is available for the iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

So what are you waiting for? Go to your Settings > General > Software Update and upgrade to iOS 16.3.1 now to keep your iPhone safe.

Follow me on Twitter or LinkedIn
Kate O'Flaherty
Kate O'Flaherty