Yesterday, Apple released new software updates for iPhone (iOS 16.3.1), iPad (iPadOS 16.3.1), and Mac (macOS 13.2.1). Unless you keep up to date on your software news, you might not have seen these updates hit your devices, especially since Apple doesn’t send a notification when a new update is available on iOS or iPadOS. But these updates are super important, and you should install them as soon as you can.
The thing is, there aren’t any exciting user-facing features in these updates, at least none that Apple has highlighted. It’s not like iOS 16.2 with its 11 new features, or even iOS 16.3, which brought a handful of useful changes. However, the security patches in these updates are more important than most new features Apple might’ve thrown in, making 16.3.1 and 13.2.1 must-updates.
The new updates include critical security patches
iOS 16.3.1 and macOS 13.2.1 have been issued in response to a zero-day vulnerability hackers have exploited to attack users. The zero-day stems from a WebKit vulnerability that allows bad actors to execute arbitrary code after users click on a malicious link. In short, you click the bad link, and hackers can run whatever code they want on your iPhone, iPad, or Mac.
In addition to patching this zero-day, Apple also patched a similar issue that would allow bad actors to execute arbitrary code with kernel privileges, as well as a macOS Shortcuts security flaw. Apple says the Kernel and WebKit flaws affect iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, as well as Macs running macOS Ventura. The Shortcuts flaw affects Macs running macOS Ventura.
- Impact: An app may be able to execute arbitrary code with kernel privileges.
- Description: A use after free issue was addressed with improved memory management.
- CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google Project Zero
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A type confusion issue was addressed with improved checks.
- WebKit Bugzilla: 251944
- CVE-2023-23529: an anonymous researcher
- Impact: An app may be able to observe unprotected user data
- Description: A privacy issue was addressed with improved handling of temporary files.
- CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group
These updates also patch bugs on your Apple devices. According to iOS 16.3.1 and iPadOS 16.3.1’s release notes, you can expect the following bugs to be fixed on your iPhone or iPad, where applicable:
- iCloud settings may be unresponsive or incorrectly display if apps are using iCloud
- Siri requests for Find My may not work
- Crash Detection optimizations on iPhone 14 and iPhone 14 Pro models
Apple didn’t issue release notes with macOS 13.2.1, so we don’t know what bug fixes (if any) are present with this latest update. It’s possible the update only brings security patches (and that’s A-OK).
How to update your iPhone, iPad, and Mac
To update an iPhone or iPad, head to Settings > General > Security Update, then follow the on-screen instructions to download and install 16.3.1. To update your Mac, head to System Settings > Software Update, then follow the on-screen instructions to download and install 13.2.1.
If you have Automatic Updates installed, your device should update on its own, but this feature can take longer than it should. For the fastest update possible, update manually.