The release of the new version of iOS 16.3 was last month, and among other new functions, the update also included many security corrections. One of these corrections eliminated the confidentiality error Apple Maps, which could allow the application to “bypass confidentiality settings”.
In Friday, Apple explained that iPhone users have never been at risk because of this vulnerability. The company also denied the message that the Brazilian food delivery app was used to “bypass user control over the location data.”
Last week, report , which said that ifood, was published. One of the leading applications for the delivery of food in Brazil, “gained access to the user’s location in iOS 16.2, even when the user refused the application in such access.”
Full application Apple:
We in Apple are firmly convinced that users should choose themselves when and with whom to share their data. Last week, we released a warning of vulnerability, which can only be used in applications without a sandbox in MacOS. The base of the code that we corrected is used together with iOS and iPados, TVS and Watchos, so correction and recommendations were also extended to these operating systems despite the fact that they were never at risk. The assumption that this vulnerability could allow applications to bypass user control elements on the iPhone is false.
The report also mistakenly assumed that the iOS application used this or other vulnerability to circumvent user control over location data. Our subsequent investigation came to the conclusion that the application does not bypass user control means using any mechanism.
The anonymous hacker announced the vulnerability, which received from the company a reward under the Apple Security Bounty program. The company eliminated it in iOS 16.3 and MacOS Ventura 13.2.