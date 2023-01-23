Everything New in iOS 16.3

It’s update time for your iPhone! So long as your iPhone is compatible with iOS 16, which means iPhone 8 or newer, you can download and install iOS 16.3 right now. From a major security update to fixes for some frustrating bugs, this latest iOS update is something every iPhone owner should be interested in.

New wallpapers for iOS and watchOS

The first change listed is a new Unity wallpaper in anticipation of Black History Month. You can see the new wallpaper in this post from Apple’s Newsroom last week, which also highlights a corresponding watch face and band for the Apple Watch.

Set up a physical security key

In a upgrade for your account’s security, you’ll now be able to use a physical security key for your Apple ID, a separate device used to authenticate yourself when logging into your account. If you set this up, you’ll need to provide both two-factor authentication and a physical security key when signing into your Apple ID on new devices. It makes sign in a bit more cumbersome, but that’s the point: Bad actors won’t be able to log into your account on other devices without that physical key in-hand.

Apple recommends the YubiKey 5C NFC, YubiKey 5Ci, or FEITAN ePass K9 NFC USB-A keys, but any FIDO Certified Security key will work. Just keep in mind port compatibility: Since iPhones still have a Lightning port, you’ll need a security key that supports Lightning, wireless communication via NFC, or an adaptor to connect your iPhone to the key. You can learn more about unlocking your Apple ID with a physical security key through Apple’s support page.

Stop accidentally calling 000 on your iPhone

You also no longer need to worry about placing accidentally Emergency SOS calls. Apple will now require you to not only hold down the Side button with the up or down volume button, but you’ll also need to release the buttons before placing the call. Previously, you could keep these buttons held down past the shut down screen to trigger an Emergency SOS call. While useful, it was responsible for more than a few accidental 000 calls, so this change should help make it easier to place these calls deliberately.

With iOS 16.3, your iPhone now officially supports the second-gen HomePod Apple announced last week.

iOS 16.3 fixes these bugs

While new features are great, I prefer when Apple focuses on stability. With iOS 16.3, we have six identified bugs we can expect to be gone after the update:

Apple fixed an issue in Freeform, the company’s new infinite whiteboard app, where some drawing strokes created with Apple Pencil or your finger would not show up on shared boards.

Your wallpaper should no longer appear black on the Lock Screen.

You shouldn’t see horizontal lines temporarily appearing while waking up an iPhone 14 Pro Max.

The Home Lock Screen widget should now accurately display Home app status.

Siri should now respond properly to music requests each time.

Siri requests in CarPlay should work as expected, as well.

Security updates in iOS 16.3

iOS 16.3 also patches some nasty security vulnerabilities. Maps and Weather had flaws that could allow bad actors to bypass Privacy preferences, and two WebKit vulnerabilities could allow for arbitrary code execution (i.e. bad actors running whatever code they want on your system). You can see all 12 security patches Apple acknowledges below:

AppleMobileFileIntegrity

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by enabling hardened runtime.

CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

ImageIO

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing an image may lead to a denial-of-service

Description: A memory corruption issue was addressed with improved state management.

CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to determine kernel memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23504: Adam Doupé of ASU SEFCOM

Mail Drafts

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account

Description: A logic issue was addressed with improved state management.

CVE-2023-23498: an anonymous researcher

Maps

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2023-23503: an anonymous researcher

Safari

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Visiting a website may lead to an app denial-of-service

Description: The issue was addressed with improved handling of caches.

CVE-2023-23512: Adriatik Raci

Screen Time

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

Weather

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: The issue was addressed with improved memory handling.

CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 245464 — CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

WebKit