Everything New in iOS 16.3

Photo: nikkimeel (Shutterstock)

It’s update time for your iPhone! So long as your iPhone is compatible with iOS 16, which means iPhone 8 or newer, you can download and install iOS 16.3 right now. From a major security update to fixes for some frustrating bugs, this latest iOS update is something every iPhone owner should be interested in.

New wallpapers for iOS and watchOS

The first change listed is a new Unity wallpaper in anticipation of Black History Month. You can see the new wallpaper in this post from Apple’s Newsroom last week, which also highlights a corresponding watch face and band for the Apple Watch.

Set up a physical security key

In an upgrade for your account’s security, you’ll now be able to use a physical security key for your Apple ID—a separate device used to authenticate yourself when logging into your account. If you set one up, you’ll need to provide both two-factor authentication and a physical security key when signing into your Apple ID on new devices. It makes sign in a bit more cumbersome, but that’s the point: Bad actors won’t be able to log into your account on other devices without that physical key in-hand.

Apple recommends the YubiKey 5C NFC, YubiKey 5Cior FEITAN ePass K9 NFC USB-A keys, but any FIDO Certified Security key will work. Just keep in mind port compatibility: Since iPhones still have a Lightning port, you’ll need a security key that supports Lightning or wireless communication via NFC, or you’ll need an adapter to connect your iPhone to the key. You can learn more about unlocking your Apple ID with a physical security key on Apple’s support page.

Stop accidentally calling 911 on your iPhone

You also no longer need to worry about placing accidentally emergency SOS calls. Apple will now require you to not only hold down the Side button with the up or down volume button; you’ll also need to release the buttons before placing the call. Previously, you could keep these buttons held down past the shut down screen to trigger an Emergency SOS call. While useful, it was responsible for more than a few accidental 911 calls, so this change should help make it harder to place one of these calls without meaning to.

iOS 16.3 also fix these bugs

While new features are great, I prefer when Apple focuses on stability. With iOS 16.3, we have six identified bugs we can expect to be gone after the update:

  • Apple fixed an issue in Freeform, the company’s new infinite whiteboard app, where some drawing strokes created with Apple Pencil or your finger would not show up on shared boards.
  • Your wallpaper should no longer appear black on the Lock Screen.
  • You shouldn’t see horizontal lines temporarily appearing while waking up an iPhone 14 Pro Max.
  • The Home Lock Screen widget should now accurately display Home app status.
  • Siri should now respond properly to music requests each time.
  • Siri requests in CarPlay should work as expected well.

Security updates in iOS 16.3

iOS 16.3 also patches some nasty security vulnerabilities. Maps and Weather had flaws that could allow bad actors to bypass Privacy preferences, and two WebKit vulnerabilities could allow for arbitrary code execution (ie bad actors running whatever code they want on your system). You can see all 12 security patches apple acknowledges below:

AppleMobileFileIntegrity

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access user-sensitive data
  • Description: This issue was addressed by enabling hardened runtime.
  • CVE-2023-23499: Wojciech Regula (@_r3ggi) of SecuRing (wojciechregula.blog)

ImageIO

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: Processing an image may lead to a denial-of-service
  • Description: A memory corruption issue was addressed with improved state management.
  • CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to leak sensitive kernel state
  • Description: The issue was addressed with improved memory handling.
  • CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

Kernel

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to determine kernel memory layout
  • Description: An information disclosure issue was addressed by removing the vulnerable code.
  • CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

Kernel

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2023-23504: Adam Doupé of ASU SEFCOM

Mail Drafts

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account
  • Description: A logic issue was addressed with improved state management.
  • CVE-2023-23498: an anonymous researcher

maps

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to bypass Privacy preferences
  • Description: A logic issue was addressed with improved state management.
  • CVE-2023-23503: an anonymous researcher

Safari

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: Visiting a website may lead to an app denial-of-service
  • Description: The issue was addressed with improved handling of caches.
  • CVE-2023-23512: Adriatik Raci

Screen Time

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access information about a user’s contacts
  • Description: A privacy issue was addressed with improved private data redaction for log entries.
  • CVE-2023-23505: Wojciech Regulation of SecuRing (wojciechregula.blog)

Weather

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to bypass Privacy preferences
  • Description: The issue was addressed with improved memory handling.
  • CVE-2023-23511: Wojciech Regula de SecuRing (wojciechregula.blog), an anonymous researcher

WebKit

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: The issue was addressed with improved checks.
  • WebKit Bugzilla: 245464 — CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

WebKit

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: The issue was addressed with improved memory handling.
  • WebKit Bugzilla: 248268 — CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@ l33d0hyun) of Team ApplePIE
  • WebKit Bugzilla: 248268 — CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@ l33d0hyun) of Team ApplePIE

Finally, wIth iOS 16.3, your iPhone now officially supports the second-gen HomePod Apple announced last week.

.

Leave a Comment

%d bloggers like this: