You are using an outdated browser. Please upgrade your browser to improve your experience.
Big Safari & Kernel issues fixed in iOS 16.3.1, macOS 13.2.1 updates
16-inch MacBook Pro
Apple introduced small incremental updates across its software ecosystem on Monday, with iOS 16.3.1 , iPadOS 16.3.1 , and macOS 13.2.1 available to download by the public.
Following the release, Apple has published details about the security content of each update , with a lot of crossover between the three operating systems.
The first, a Kernel issue, impacts all three updates, and is described as one where "an app may be able to execute arbitrary code with kernel privileges. The fix addressed a "use after free issue" by adding "improved memory management.
Identified as CVE-2023-23514, the issue was declared by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.
The second, a WebKit problem, is listed as impacting all of the operating systems, as well as Safari itself. Under the issue, "processing maliciously crafted web content may lead to arbitrary code execution."
Apple adds that it is "aware of a report that this issue may have been actively exploited." It has since been fixed with "improved checks."
It is identified as CVE-2023-23529, and was found by "an anonymous researcher.
The last issue is for Shortcuts, and specifically affects macOS Ventura . Under the issue, an app "may be able to observe unprotected user data," which was fixed with "improved handling of temporary files."
CVE-2023-23522 was found by Wenchao Li and Xiaolong Bai of Alibaba Group.
Sponsored Content
Bluetti AC240 portable power station pushes the boundaries with IP65 waterproof rating
Top stories.
Beyond TSMC, how Apple's supply chain will be disrupted by the Taiwan earthquake
Apple's next big thing could be a home robot
Google could charge Apple users for AI tools in iOS 18
External drive support in macOS Sonoma is partially broken, and it's probably Apple's fault
macOS 15 will get a big AI boost: what to expect at WWDC 2024
Featured deals.
This best-selling M3 MacBook Pro 14-inch with 16GB RAM is on sale for $1,599
Latest comparisons.
M3 15-inch MacBook Air vs M3 14-inch MacBook Pro — Ultimate buyer's guide
M3 MacBook Air vs M1 MacBook Air — Compared
M3 MacBook Air vs M2 MacBook Air — Compared
Latest news.
iPhone 16 dummy units show off Capture button, new camera bump
A range of small design tweaks are coming to iPhone 16 and iPhone 16 Pro, and some dummy units used by case makers provide a first glance at what's coming.
How to always have recently-opened items at your fingertips
Your most recently-opened files are easily accessible from multiple places on a Mac, making it easy to get back to them.
Apple Music, TV+, other services were down
Apple's system status page showed 11 outages across its services including Apple Music, Apple Arcade, Apple TV+, and the App Store.
Rumors suggest Google is looking to offer premium generative AI features just as Apple is allegedly planning an AI App Store for iOS 18.
Beyond TSMC, Apple's supply chain will be disrupted by the Taiwan earthquake
The Taiwan earthquake will cause issues for a number of Apple suppliers beyond TSMC, but the supply chain's impact probably won't be severe long-term, thanks to globalization. Here are some of Apple's suppliers that the company will need to keep an eye on for a while.
An Apple robotics division has risen from the ashes of the Apple Car and wants to build an autonomous robot companion for your home.
Apple Vision Pro gains Niantic tech to open up more AR experiences
Niantic will be supporting the Apple Vision Pro with its 8th Wall Metaversal Deployment, which could make it easier for developers to bring WebAR experiences to Apple's mixed-reality headset.
Amazon's $89 AirPods deal delivers best price available
Amazon's fresh AirPods price drop delivers a $40 discount on the most affordable entry into Apple's AirPods line.
Apple Savings gets first ever interest rate cut
As of April 3, 2024, the annual percentage yield for Apple Savings account users is 4.4%, down from its previous high of 4.5% set in January.
How third-party App Stores will look to users in the EU
While EU users wait for the launch of new third-party app stores for the iPhone, the developer behind AltStore has demonstrated how they will all work.
Latest Videos
Apple Ring rumors & research - what you need to know about Apple's next wearable
WWDC 2024 will show off Apple's AI efforts on June 10
iPhone 15 Pro Max review six months later: Still an exciting upgrade
Latest reviews.
TP-Link Tapo Indoor cameras review: affordable HomeKit options with in-app AI tools
ShiftCam LensUltra Deluxe Kit review: Upgrade your iPhone photo shooting game
Keychron Q1 Max review: cushy, comfortable, costly
{{ title }}
{{ summary }}
About the security content of Safari 16.3
This document describes the security content of Safari 16.3.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Safari 16.3
Released January 23, 2023
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464 CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
Additional recognition
We would like to acknowledge Eliya Stein of Confiant for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
Start a discussion in Apple Support Communities
Apple fixes a few annoyances with iOS 16.3.1, iPadOS 16.3.1, macOS 13.2.1, watchOS 9.3.1 and tvOS 16.3.2
Release notes for iOS and iPadOS 16.3.1, macOS 13.2.1, watchOS 9.3.1 and tvOS 16.3.2 reveal bug fixes related to iCloud, Siri on HomePod and more.
On February 13, 2023, Apple released some updates for its iPhone, iPad, Mac, Apple Watch and Apple TV hardware. Instead of outward-facing new user features, the updates focus on fixing a few annoying bugs that users have complained about.
For instance, one of the patches in iOS 16.3.1 resolves an issue where Siri on HomePod would cause some HomeKit requests to fail or time out. macOS Ventura 13.2.1 includes security patches for the system kernel, the Shortcuts app and WebKit. The kernel and WebKit fixes are also part of watchOS 9.3.1 and tvOS 16.3.2.
What’s new in iOS 16.3.1?
iOS 16.3.1 provides bug fixes for the iCloud section in the Settings app being unresponsive or incorrectly displaying whether apps are using iCloud.
There are also fixes for when Siri requests for the Find My app wouldn’t work. iOS 16.3.1 also optimizes the iPhone 14’s Crash Detection, likely to address skiers accidentally triggering the feature. The security patches in iOS 16.3.1 resolve a pair of vulnerabilities related to the kernel and Safari’s WebKit engine.
To install iOS 16.3.1 on your iPhone, go to Settings → General → Software Update , then hit Install Now or Download and Install . To apply the update, you must enter your iPhone’s passcode and the device must be connected to a Wi-Fi network.
What’s new in iPadOS 16.3.1?
iPadOS 16.3.1 sports the same iCloud and Siri-related fixes as iOS 16.3.1, including patches for the kernel and WebKit vulnerabilities that could permit an attacker to execute arbitrary code via a rogue app or maliciously crafted web content. Apple says it’s aware of a report that the WebKit issue may have been actively exploited. To update your iPad , open Settings → General → Software Update .
What’s new in macOS Ventura 13.2.1?
The official release notes for macOS Ventura 13.2.1 don’t reveal much about the update beyond stating that it provides “important bug fixes and security updates for your Mac,” including patches for the kernel, Shortcuts and WebKit issues.
The kernel and WebKit patches are the same as in iOS 16.3.1. A fix for the Shortcuts app patches an exploit that could allow an app to observe unprotected user data. Apple fixed this privacy problem with “improved handling of temporary files.”
To install macOS Ventura 13.2.1, click the Apple menu, select System Settings , and then navigate to General → Software Update . If you see the macOS Ventura 13.2.1 update listed, click the button to install it.
What’s new in watchOS 9.3.1?
watchOS 9.3.1 includes unspecified bug fixes and security updates. Apple hasn’t provided release notes for the update, but we’ll update the article with a list of changes as soon as the official changelog has been published on Apple’s website.
To install watchOS 9.3.1 directly on your Apple Watch, go to Settings → General → Software Update , then hit Install and follow the onscreen instructions. You can also update your Apple Watch through your iPhone by opening the companion Watch app and navigating to My Watch → General → Software Update .
To install the update, your watch must be plugged into power, have at least fifty percent battery, be connected to a Wi-Fi network and nearby its paired iPhone.
What’s new in tvOS 16.3.2?
Official details were unavailable at publication time, but it would seem that tvOS 16.3.2 brings the same security updates to your Apple TV HD and Apple TV 4K as iOS 16.3.1. To update your Apple TV manually, go to Settings → System → Software Updates and select Update Software . If you see a tvOS 16.3.1 update listed there, choose Download and Install . Keep your Apple box connected and plugged into power until the update is complete.
What’s new in HomePod software 16.3.2?
iOS 16.3.2 also includes updates for your HomePod and HomePod mini devices. Aside from general performance and stability improvements, HomePod software 16.3.2 focuses on fixing a HomeKit-related issue where asking Siri on HomePod to control your smart home appliances would time out or completely fail.
To update your Apple smart speaker, open the Home app on your iPhone, iPad or Mac, then hit the … (ellipsis) menu and choose Home Settings → Software Update . If there’s a new update, hit the Update button to download and install it.
Relevant Apple support documents
As is the case for other Apple OS updates, the new software is supported by technical documents on Apple’s website, which contain the official release notes, the contents of security updates and so on.
- iOS 16.3.1 release notes
- iPadOS 16.3.1 release notes
- macOS Ventura 13.2.1 release notes
- tvOS 16.3.2 release notes
- watchOS 9.3.1 release notes
- HomePod software 16.3.2 release notes
- Apple security updates
Should I update to iOS 16.3.1? Here's what Apple's newly updated software does
Have you updated your iPhone yet?
Apple has released iOS 16.3.1, an update to its operating system that fixes a security vulnerability that hackers may have exploited in the wild.
According to Apple's support page, the bug was in WebKit , the web browser engine used by Safari. The problem could allow an attacker to execute code on someone's device.
iOS 16.3.1 also fixes an issue in the Kernel at the core of the operating system that could allow an app to execute arbitrary code with kernel privileges.
The update comes just weeks after the release of iOS 16.3 , which added the ability to use security keys for two-factor authentication.
Apple said the issues affect iPhone 8 models and later. It also released macOS 13.2.1, iPadOS 16.3.1 and Safari 16.3.1 security updates.
Your iPhone Face ID is vulnerable: Change the Face ID setting, or anyone can get into your iPhone
iOS 16.3: Here are the new features coming to your iPhone
What else is new in iOS 16.3.1?
iOS 16.3.1 promises to improve Crash Detection on iPhone 14 and iPhone 14 Pro models.
Crash Detection is a feature that alerts emergency services if your iPhone 14 detects a "severe car crash" and is on by default.
It also brings fixes to iCloud settings and Siri requests for Find My.
Google's answer to ChatGPT: Here's what you need to know about its new AI chatbot
Talking Tech: Subscribe to get the latest tech news
How to update your iPhone to iOS 16.3.1
To update your iPhone manually, go to Settings, click on General and select Software Update.
If you have your device set to automatic updates, your iPhone will download and install the update overnight while charging and connected to Wi-Fi.
To install updates automatically, go to Settings, click on General, select Software Update and enable automatic updates.
- Mobile Site
- Staff Directory
- Advertise with Ars
Filter by topic
- Biz & IT
- Gaming & Culture
Front page layout
update now —
Apple releases ios 16.3.1 and other updates with fix for “actively exploited” bug, also includes fixes for iphone 14 crash detection, siri, and icloud bugs..
Andrew Cunningham - Feb 13, 2023 8:51 pm UTC
Apple is releasing minor updates to all of its major software platforms today to address one high-priority security vulnerability and to fix a handful of other device- and service-specific issues. The iOS 16.3.1 , iPadOS 16.3.1, and macOS 13.2.1 updates all patch an "actively exploited" arbitrary code execution vulnerability in WebKit/Safari, and a second kernel vulnerability that isn't known to be actively exploited.
Those updates also fix an issue that could cause iCloud to become unresponsive and a Siri bug that was keeping it from working properly with the Find My feature. A HomePod 16.3.2 OS update also fixes some Siri problems that could cause smart home requests to fail. Detailed release notes aren't available for watchOS 9.3.1 or tvOS 16.3.2, but those updates are also available to download and presumably fix similar problems.
For iPhone 14 models, the iOS 16.3.1 update makes further tweaks to the Crash Detection safety feature. Meant to automatically contact first responders in the event of a car crash or sudden fall, Crash Detection has also made headlines for the false positives that it can generate— riding rollercoasters , skiing , dropping the phone at high velocities, and other activities have all set off Crash Detection.
Further Reading
For users of older Apple devices, there is a Safari update available for macOS Big Sur and Monterey to fix the WebKit bug, but no equivalent iOS 15 or iPadOS 15 update for older iPhones and iPads, and no documented fix for the kernel issue in any of these older operating systems. We've asked Apple whether these OS versions are vulnerable to these bugs and, if so, whether the company plans to release an update for them. We'll update the article if we receive a response.
reader comments
Channel ars technica.
The Best Way Yet to Measure Browser Performance">Speedometer 3.0: The Best Way Yet to Measure Browser Performance
Mar 11, 2024
by Ryosuke Niwa
As announced on browserbench.org today, in collaboration with other browser engine developers, Apple’s WebKit team is excited to introduce Speedometer 3.0 , a major update that better reflects the Web of today. It’s built together by the developers of all major browser engines: Blink, Gecko, and WebKit with hundreds of contributions from companies like Apple, Google, Intel, Microsoft, and Mozilla. This post is a deep dive into how the collaborative Speedometer project improved the benchmark’s measurements methods and test content.
To recap history, in 2014, the WebKit team at Apple released the Speedometer browser benchmark , designed to measure the responsiveness of websites and web apps.
The original Speedometer simulated user interactions in web applications, driving TodoMVC sample apps written using different JavaScript frameworks to add, complete, and remove todo items. It was unlike other DOM or web app benchmarks publicly available at the time. These older benchmarks were mostly collections of micro-benchmarks, and didn’t reflect how DOM APIs were used in real web apps, or how individual APIs interacted with the rest of the web browser engine. Speedometer quickly became an important tool for performance measurement and tuning not just in WebKit but also in other browser engines.
In 2018 the WebKit team, in collaboration with Google’s Chrome team, released Speedometer 2.0 , updated to use the latest frameworks and libraries available at the time. The Speedometer benchmark has since gained even more popularity among browser engines as a guide for optimization, and among independent testers and reviewers to compare different devices, operating systems, and browsers.
Today’s release of Speedometer 3.0 marks a major step forward in web browser performance testing. It improves the accuracy of measurement and measures the performance of a wide variety of contents.
Cross-Browser Collaboration
Speedometer 3.0’s release is a result of the collaboration among browser developers to improve the Web as a whole together. Much as Interop 2024 represents joint work to test and improve standards compliance, Speedometer 3.0 is a joint effort to test and improve browser performance.
Where previous Speedometer versions were developed as part of the WebKit project, Speedometer 3.0 has been developed and released under a joint multi-stakeholder governance model including the three major engine browsers: Blink, Gecko, and WebKit, and the repository has received hundreds of open source contributions since the original announcement in December 2022 . This collaboration better ensures fairness in measurement and workload composition. And together, the group created a shared vision for the benchmark.
Improved Test Harness
We’ve improved the way Speedometer measures runtime performance. Prior Speedometer versions measured the time to run a test script synchronously as “sync” time; and the time until a zero-delay timer scheduled at the end of “sync” work fires as “async” time, as shown in the following diagram:
However, this method sometimes misses important work that browser engines do in response to script-driven changes, because synchronous tasks and the zero-delay timer are scheduled without considering the timing of rendering updates. It also didn’t capture any work frameworks delay until the next requestAnimationFrame (rAF) callback, a common technique in modern frameworks. The following diagram illustrates how important work could be missed by the time calculations.
Speedometer 3.0 takes advantage of the fact that all browser engines have adopted the HTML5 event loop model for updating the webpage rendering. It measures test scripts within a requestAnimationFrame callback as “sync” time, and the time to fire zero-delay timer scheduled in a second requestAnimationFrame as “async” time:
Because the zero-delay timer is now scheduled in a second requestAnimationFrame, it’s guaranteed to be fired after all the zero-delay timers scheduled during the synchronous portion of the test had fired. Thanks to HTML5’s event loop processing model, browser engines update the rendering of web pages after all requestAnimationFrame are called before the next zero-delay timer fires. These changes greatly improved Speedometer’s ability to accurately measure the runtime of synchronous work and asynchronous work browsers do in response to script that handles user events.
The test harness has also been rewritten to use modern JavaScript features like modules, native promises, let & const, async & await, and class syntax, which were not widely available at the time Speedometer 1.0 was first written.
Like its precursors, Speedometer 3.0 sums up the runtime taken to simulate user actions such as adding todo items, completing them, and removing them per each workload, and computes the geometric mean of the totals across different workloads. The final score is calculated as the arithmetic mean of the reciprocal of the geometric mean:
Adjustment to Score
Since Speedometer’s benchmark content was last updated in 2018, web browsers have gotten increasingly better at handling Speedometer content. Moreover, new hardware, such as Apple Silicon Macs, continues to push the boundary of what’s possible in computing. Where originally scores were scaled to be under 100, modern browsers now can score over 500 on the fastest devices. To make scores easier to compare and to make room for future improvements, we’ve adjusted the score so that a typical web browser will get a score in the 20-30 range to start out.
Updated UI Frameworks
Now let’s take a look at the test content in Speedometer 3. Like the past versions of Speedometer, version 3.0 includes TodoMVC-based todo apps that emulate adding, completing, and removing todo items. To better represent the modern Web, the most widely used JavaScript UI frameworks were identified from the HTTP Archive in March 2023:
The monthly downloads in NPM was also taken into account to find frameworks with high momentum:
Based on these data points, we’ve included the following JavaScript frameworks in our todo apps: Angular , Backbone , jQuery , Lit , Preact , React , React+ Redux , Svelte , and Vue . For each framework, the most commonly used version at the time was picked. Todo implementations written in vanilla JavaScript using ES5, ES6, and web components are also included.
Complex DOM Versions
In addition, Speedometer 3.0 includes “complex DOM” versions of some of the TodoMVC applications. In these complex DOM versions, each todo app is embedded inside a UI structure which mimics a web application with many deeply nested DOM nodes and plenty of CSS rules. Even though the benchmark still emulates the same set of operations, doing so in the context of more DOM elements and CSS rules adds work and captures additional performance bottlenecks.
In order to ensure the variety of performance scenarios to be tested, Speedometer 3.0 includes 6 simple DOM todo applications and 6 complex DOM todo applications.
Broader Content
Together, these changes to todo apps dramatically improved the coverage of the benchmark. But Speedometer 3.0 takes it a step further and includes entirely new kinds of applications.
Speedometer 3.0 includes two test apps that mimic typical news sites, built using the popular single page application frameworks Next.js and Nuxt . It emulates user actions such as clicking on menu items and navigating to another page in the single page app setup.
Speedometer 3.0 also includes four charting applications based on Observable Plot , chart.js , React stockcharts , and WebKit’s performance dashboards . Observable Plot and React Stockcharts are based on D3 and test manipulating SVG-based graphics. Chart.js and WebKit’s performance dashboards test drawing canvas-based graphics.
Finally, Speedometer 3.0 has added two text editing applications: a JavaScript code editor built with CodeMirror and a WYSIWYG editor built with TipTap . In both scenarios, it emulates the steps to create a new editable region, loading a large amount of text, and syntax highlighting or boldening text:
The addition of these new applications dramatically broadens the scope of what Speedometer 3.0 measures, and provide new opportunities for browser engines to optimize a broad spectrum of features like JavaScript, style, layout, graphics, and DOM.
Future Work
Today marks a remarkable milestone for the Web platform. Speedometer 3.0 sets a whole new standard for measuring web browser performance. As browser developers optimize their engines, this will expand the horizon of what Web developers can achieve in the years to come. Because the goal of the Speedometer benchmark is to reflect the real-world Web as much as possible, we’re expecting this benchmark to evolve over time. We’ll be regularly updating the list of frameworks to be tested, and periodically updating the tested framework’s versions to reflect the real world usage. You can try Speedometer 3 benchmark on browserbench.org . If you have any feedback or questions, feel free to file issues on Github .
- a. Send us an email
- b. Anonymous form
- Buyer's Guide
- Upcoming Products
- Tips / Contact Us
- Podcast Instagram Facebook Twitter Mastodon YouTube Notifications RSS Newsletter
iOS 16.3 Now Available for Your iPhone With These 4 New Features
Apple released iOS 16.3 in late January following nearly six weeks of beta testing. The software update is available for the iPhone 8 and newer, and while it is a relatively minor update, it still includes a handful of new features, changes, and bug fixes.
Security Keys for Apple IDs
Apple does not plan to release its own hardware security keys. The feature relies on third-party security keys available from brands like Yubico, such as the YubiKey 5Ci , which has both Lightning and USB-C connectors for use with iPhones, iPads, and Macs.
Advanced Data Protection (Worldwide)
By default, Apple stores encryption keys for some iCloud data types on its servers to ensure that users can recover their data if they lose access to their Apple ID account. If a user enables Advanced Data Protection, the encryption keys are deleted from Apple's servers and stored on a user's devices only, preventing Apple, law enforcement, or anyone else from accessing the data, even if iCloud servers were to be breached.
All of a user's devices must be updated to software versions that support Advanced Data Protection in their country to use the feature. Outside the U.S., this includes iOS 16.3, iPadOS 16.3, macOS 13.2, tvOS 16.3, and watchOS 9.3.
Black Unity Wallpaper
Available in 41mm and 45mm sizes, the $49 band features the word "Unity" woven into the fabric with red, green, and black yarns that pay homage to the Pan-African flag, according to Apple. The band is available to order on Apple's online store.
Second-Generation HomePod Support
The new HomePod features two fewer tweeters and two fewer microphones than the original, an S7 chip for computational audio, a U1 chip for handing off music from an iPhone, and a new temperature and humidity sensor. The speaker remains controlled with Siri and supports Matter for compatibility with HomeKit and other smart home accessories.
The new HomePod can be ordered on Apple's online store for $299 in the U.S. and select other countries, with white and midnight color options available.
iOS 16.3 Release Notes
This update includes the following enhancements and bug fixes: - New Unity wallpaper honors Black history and culture in celebration of Black History Month - Security Keys for Apple ID allow users to strengthen the security of their account by requiring a physical security key as part of the two factor authentication sign in process on new devices - Support for HomePod (2nd generation) - Emergency SOS calls now require holding the side button with the up or down volume button and then releasing in order to prevent inadvertent emergency calls - Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards - Addresses an issue where the wallpaper may appear black on the Lock Screen - Fixes an issue where horizontal lines may temporarily appear while waking up iPhone 14 Pro Max - Fixes an issue where the Home Lock Screen widget does not accurately display Home app status - Addresses an issue where Siri may not respond properly to music requests - Resolves issues where Siri requests in CarPlay may not be understood correctly
iOS 16.3 can be installed in the Settings app under General → Software Update.
Get weekly top MacRumors stories in your inbox.
Popular Stories
iPhone 16 Pro Expected Later This Year With These 12 New Features
Alleged iOS 18 Design Resource Reveals visionOS-Like Redesign [Updated]
Apple Card Savings Account to Receive First-Ever Interest Rate Decrease
What to Expect From iOS 17.5
Apple Says iPhone 6 Plus Now 'Obsolete' and iPad Mini 4 Now 'Vintage'
Apple Exploring 'Mobile Robot' That 'Follows Users Around Their Homes'
Best Buy Introduces All-Time Low Prices on Apple's M3 MacBook Pro for Members
Apple Researchers Reveal New AI System That Can Beat GPT-4
Next article.
Our comprehensive guide highlighting every major new addition in iOS 17, plus how-tos that walk you through using the new features.
App Store changes for the EU, new emoji, Podcasts transcripts, and more.
Get the most out your iPhone 15 with our complete guide to all the new features.
A deep dive into new features in macOS Sonoma, big and small.
Revamped models with OLED displays, M3 chip, and redesigned Magic Keyboard accessory.
Updated 10.9-inch model and new 12.9-inch model, M2 chip expected.
Apple's annual Worldwide Developers Conference will kick off with a keynote on June 10.
Expected to see new AI-focused features and more. Preview coming at WWDC in June with public release in September.
Other Stories
2 days ago by MacRumors Staff
6 days ago by Tim Hardwick
6 days ago by Juli Clover
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
#protect2024 Secure Our World Shields Up Report A Cyber Issue
Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094 . XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.
CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA.
See the following advisory for more information:
- Red Hat: Urgent security alert for Fedora 41 and Rawhide users
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts
We recently updated our anonymous product survey ; we’d welcome your feedback.
Related Advisories
Cisa releases one industrial control systems advisory, cisa publishes new webpage dedicated to providing resources for high-risk communities, cisco releases security updates for multiple products, apple released security updates for safari and macos.
COMMENTS
Safari 16.3*. Released February 13, 2023. WebKit. Available for: macOS Big Sur and macOS Monterey. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268.
Safari 16 ships with iOS 16, and is available as an update on macOS Monterey and macOS Big Sur. CSS New Features. Added size queries support for Container Queries. ... Safari 16.3 Release Notes. Released January 23, 2023 — Version 16.3 (18614.4.6) Safari 16.2 Release Notes.
Learn about changes for Safari for iOS and macOS, Web Inspector, WebKit view for iOS and macOS, and Safari view for iOS. ... Safari 16.3 Release Notes. Released January 23, 2023 — Version 16.3 (18614.4.6) Safari 16.2 Release Notes. ... visit News and Updates . Light. Dark.
To install the iOS 16.3 update on your iPhone or iPad, first head over to the Settings app. Tap General. Tap the Software Update tab. Tap Download and Install. Enter your passcode. Tap Agree. Tap ...
Reddit. Monday's software updates fix an array of security issues in macOS, iOS, and iPadOS, including one affecting Safari's WebKit that was being actively exploited. Apple introduced small ...
The iOS 16.3 and iPadOS 16.3 updates address a long list of security vulnerabilities with Safari, Weather, Mail, Screen Time, the kernel, and more. Other New Features Know of a new feature in iOS ...
Safari 16 is out with tab group start pages, cross-device syncing, and more. Learn how to upgrade and enjoy the new features on MacRumors.com.
Download the latest Safari Technology Preview to stay at the forefront of the web platform and to use the latest Web Inspector features. You can also read the Safari 16.3 release notes. Updating to Safari 16.3. Safari 16.3 is available for macOS Ventura, macOS Monterey, macOS Big Sur, iPadOS 16, and iOS 16. You can update to Safari 16.3 on ...
Safari 16.3. Released January 23, 2023. WebKit. Available for: macOS Big Sur and macOS Monterey. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: The issue was addressed with improved checks. WebKit. Available for: macOS Big Sur and macOS Monterey. Impact: Processing maliciously crafted web ...
The iOS 16 Safari update builds on the Tab Groups feature introduced in iOS 16, plus it adds some much-needed quality of life improvements and security enhancements.
The security patches in iOS 16.3.1 resolve a pair of vulnerabilities related to the kernel and Safari's WebKit engine. To install iOS 16.3.1 on your iPhone, go to Settings → General → Software Update, then hit Install Now or Download and Install. To apply the update, you must enter your iPhone's passcode and the device must be connected ...
Apple's iOS 16.3 security page discloses that the update contains 13 security patches. These are spread across multiple areas, including the kernel, Mail, Maps, Safari, Screen Time and Weather apps.
Apple said the issues affect iPhone 8 models and later. It also released macOS 13.2.1, iPadOS 16.3.1 and Safari 16.3.1 security updates.. Your iPhone Face ID is vulnerable:Change the Face ID ...
The iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1 updates all patch an "actively exploited" arbitrary code execution vulnerability in WebKit/Safari, and a second kernel vulnerability that isn't ...
March 27, 2024. Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4.1. macOS Sonoma 14.4.1.
Safari 16.2 is available for macOS Big Sur, macOS Monterey, macOS Ventura, iPadOS 16.2, and iOS 16.2. ... Safari 16.3 Release Notes. Released January 23, 2023 — Version 16.3 (18614.4.6) ... To view the latest developer news, visit News and Updates . Light. Dark. Auto.
Among the issues fixed in iOS 16.3 are three in WebKit—the engine that powers Apple's Safari browser—and three in the Kernel at the heart of the iOS operating system, according to Apple's ...
As announced on browserbench.org today, in collaboration with other browser engine developers, Apple's WebKit team is excited to introduce Speedometer 3.0, a major update that better reflects the Web of today.It's built together by the developers of all major browser engines: Blink, Gecko, and WebKit with hundreds of contributions from companies like Apple, Google, Intel, Microsoft, and ...
Black Unity Wallpaper. Apple recently released a new, special-edition Black Unity Sport Loop for the Apple Watch Series 4 and newer in celebration of Black History Month. As part of iOS 16.3 ...
Release Date. CISA released one Industrial Control Systems (ICS) advisory on April 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
Today, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People's Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders.Partners of this publication include:
March 26, 2024. CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal ...
Release Date. March 29, 2024. CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected ...