Almost every IOS and MacOS Apple update includes many safety improvements to eliminate the main vulnerabilities. iOS 16.3 and MacOS Ventura 13.2, released in January, were no exception. Updates included corrections of a long list of problems, but two of them are especially interesting.
Center for advanced research TRELLIX
The first vulnerability (CVE-2023-23530), Trelix researchers found in the CoreDuetd process, which could be used to provide the attacker with access to the user calendar, targeted book and photographs. The second vulnerability (CVE-2023-23531)-in the OSLOGService and NSPredicate processes, which could be used to perform code in Springboard, providing attackers with access to the chamber, microphone, call history and many other data.
Data on these vulnerabilities were transferred to Apple, and the company quickly corrected the exploits in iOS 16.3 and MacOS 13.2 Ventura. Representatives of Trelix separately thanked Apple for quick work to eliminate problems.
Apple recommends that IOS and MacOS users update their software to the latest version, if this has not happened automatically.