Apple has released iOS 16.0.3, fixing many bugs and a security issue for iPhone users operating the latest software. According to Apple’s release notes, iOS 16.0.3 provides bug fixes and “important security updates.”
The only iOS 16.0.3 security patch listed on Apple’s support page is for an issue tracked as CVE-2022-22658. According to Apple, the iPhone vulnerability patched in iOS 16.0.3 is a denial-of-service issue in the Mail client. To fall victim to the iPhone bug, you’d have to interact with a maliciously crafted email.
The release of iOS 16.0.3 follows major security updates—iOS 15.7 and iOS 16—both for flaws that have already been exploited by attackers.
Compared to these vulnerabilities, the flaw fixed in iOS 16.0.3 does not appear to be a major issue for your security—denial of service is mostly just annoying, as it means the service will crash.
In terms of severity, iOS 16.0.3 is “pretty far down the list,” says Sean Wright, an independent security researcher. He says exploitation of the vulnerability within the iOS email client “is more likely to be an annoyance” than a major risk to your security.
Researchers at security vendor Sophos suggest the bug could cause other issues, so if you are running iOS 16, it’s still a good idea to update when you can. “So-called denial-of-service is often regarded as the lightweights of the vulnerability scene because they typically don’t supply a pathway for attackers to recover data they’re not supposed to see, or to gain access privileges they shouldn’t have, or to run malicious code of their own choosing,” Sophos’ Paul Ducklin writes.
Any denial-of-service bug can quickly turn into a “serious problem,” he says, especially if it keeps occurring once it’s triggered for the first time. “That situation can easily arise in messaging apps if simply accessing a booby-trapped message crashes the app because you typically need to use the app to delete the troublesome message.”
“And if the crash happens quickly enough, you never quite get enough time to click on the trash-can icon or to swipe-delete the offending message before the app crashes again, and again, and again,” Ducklin adds.
Among the bugs fixed in iOS 16.0.3 is an issue where incoming call and app notifications might be stalled on an iPhone 14 Pro or iPhone 14 Pro Max. Apple also fixed a bug that saw low mic volume during CarPlay phone calls on the iPhone 14. Meanwhile, iOS 16.0.3 fixes a camera issue in the iPhone 14 Pro and Pro Max where the camera may be slow to launch.
It’s only a month since the release of iOS 16, and Apple is already issuing numerous bug fixes and security updates. While on the face of it, iOS 16.0.3 certainly isn’t as critical as earlier security updates, the regularity of fixes is welcome.
To download the update, go to your iPhone Settings > General > Software Update and install iOS 16.0.3 when you can.