Last week, Apple released a series of small updates to its various operating systems, most notably iOS 16.3.1, which contained a fix for a particularly nasty vulnerability that hackers exploited. Now, Apple has revised its security content document to include yet another patch for the dreaded bug.
The vulnerability, which was also patched in macOS 13.2.1, tvOS 16.3.1, and watchOS 9.3.1 according to Monday’s updated CVE entries, is a denial of service issue discovered by a researcher from the Google Chrome team:
Safety
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
- Impact: Handling a malicious certificate can result in a denial of service
- Description: A denial of service issue was addressed with improved input validation.
- CVE-2023-23524: David Benjamin of Google Chrome
The vulnerability does not appear to have been exploited in the wild, but it is so severe that Apple waited a week to disclose it. Apple says it does not disclose, discuss, or confirm security issues until an investigation is conducted and patches or releases are available.