Last week, Apple released a flurry of small updates to its various operating systems, most notably iOS 16.3.1, which included a fix for a particularly nasty vulnerability that had been exploited by hackers. Now Apple has revised its security content document to include another patch for a scary bug.
The vulnerability, which was also patched in macOS 13.2.1, tvOS 16.3.1, and watchOS 9.3.1 per Monday’s updated CVE entries, is a denial-of-service issue that was discovered by a researcher on the Google Chrome team:
- Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
- Impact: Processing a maliciously crafted certificate may lead to a denial-of-service
- Description: A denial-of-service issue was addressed with improved input validation.
- CVE-2023-23524: David Benjamin of Google Chrome
The vulnerability presumably hasn’t been exploited in the wild, but it’s serious enough for Apple to have waited a week to disclose its details. Apple says it doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.