Skip to content
Thoughtful, detailed coverage of everything Apple for 32 years
and the TidBITS Content Network for Apple professionals
31 comments

iOS 16.1.1, iPadOS 16.1.1, and macOS 13.0.1 Ventura Plug Two Security Holes

Apple has released iOS 16.1.1, iPadOS 16.1.1, and macOS Ventura 13.0.1 to close a pair of severe security vulnerabilities in libxml2 (a software library for parsing XML documents). Both allow a remote user to “cause unexpected app termination or arbitrary code execution.” Needless to say, it’s seriously problematic when a remote user could do such things. The saving grace is that the vulnerabilities were discovered by Google Project Zero and aren’t being exploited in the wild.

You can update to iOS 16.1.1 and iPadOS 16.1.1 in Settings > General > Software Update and update to macOS 13.0.1 in System Settings > General > Software Update. If your devices are running 16, iPadOS 16, or Ventura, you should update as soon as possible to fix these security issues. Apple hasn’t released security updates for its older but still supported operating systems; we don’t know if they’re immune or if those updates are coming soon.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 32 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About iOS 16.1.1, iPadOS 16.1.1, and macOS 13.0.1 Ventura Plug Two Security Holes

Notable Replies

  1. Hmmm… My M1 16" MBP said I’m up to date with 13.0

  2. Apparently, macOS 13.0.1 also fixes the Full Disk Access bug that we wrote about in “Ventura Bug Disables Real-Time Security Software”.

  3. So with 16.1.1 out I finally made the transition to iOS 16. What I like is not a lot of change. What I really like is the battery percentage indicator I get on my 12 mini. Why wasn’t that always an option? This is the one feature I really really really enjoy about iOS 16. Does that make me a bad person? :laughing:

    On a more serious note, am I being dumb about it or is there no way to change the order of the various wallpaper presets?

  4. I don’t think there is, but that’s probably because it will keep finding and adding new ones beyond the first set it shows you. It’s a neat feature.

  5. I’m talking about my various wallpaper sets, not anything Apple is providing. Those now get displayed in the order I created them and I see no way to change that order. It’s a bit annoying because the order in which I created them is not the order in which I’d want to access them when changing.

  6. My M1 MacBook Air wouldn’t show me the update at first either, but once I restarted, it appeared.

    Ah! I thought you were talking about the Lock Screen wallpaper that chooses different photos for you… Perhaps you can explain more about which wallpaper sets you’re referring to?

  7. Settings > Wallpaper

    Tried tap and hold, but that does not allow changing sort order.

  8. You can’t rearrange them. You can delete and recreate in the order that you want, though.

  9. Ugh. Bummer. Thanks though.

  10. It’s a brand-new feature, and I wouldn’t be surprised if Apple has a way to rearrange them in the future, as they do watch faces on Apple Watch in the Watch app.

  11. I can’t believe even in Ventura and even after this first bug fix Apple still hasn’t managed to fix the App Store notification. If you click on it, still nothing happens. How hard is it to have that click just open the friggin App Store? WTH, Apple?

  12. Welcome to the Software Update casino, where it’s a toss of the dice to see if it’ll give you any updates or not…

  13. Re 13.0.1 Ventura
    RE disable security software. Much more to that issue- as follows
    Using a 2018 mac mini as backup for a 2020 mini with M1. I have been using apple since Apple Plus. Upgraded 2018 to Ventura to determine if I want to upgrade my 2020 M1 Mac Mini running Monterey
    Short answer is NOT YET. Spent hours/days untangling Safari and Apple mail issues. Short version of what I have found so far. Been using Nord VPN from time to time on 2018. Turns out that is a major problem with both Apple mail and Safari EVEN WHEN TURNED OFF ( or disabled ) In my case after two reinstalls of 13.0.1 I found
    A- To get Safari to work must have VPN loaded on login. Even if VPN not turne on.
    B- Even after starting- reloading Ventura AFTER clearing all email accounts ( I use mainly gmail ), one cannot add back email from scratch even when using Firefox browser as default. Ditto for Safari. But if you load VPN at logon, restart once or twice with VPN loaded, then Safari works, and applemail works, and mostly normal. Prior use of VPN ( in this case Norton ) seems to require loading at logon basic VPN. Without doing that, trying to use Safari OR reloading Applemail gives a ’ cannot load website or not authorized or similar response.
    C_Before installling Ventura , re installing or using recover, remember- write down the FIRMWARE password, plus your apple id password, and turn off/unload any other software /malware/virus /network protection and/or unload it to be reinstalled later. Which means write down all necessary access passwords and names needed to reinstall.
    D-Bottom line - the new protections in Ventura seem to be causing all sorts of issues. While one MAY be able to add such protections back AFTER upgrade, be very careful and do it one by one. I have yet to figure out how to use Safari in Ventura after having in the past used a VPN despite unloading it all- such that currently- I MUST reload my VPN such that it is loaded on login but not turned on. So what happens when my subscription runs out for example ?

    E- Turn off apple firmware protections - ALL of them before install Ventura-

    The above MAY be unique to my Intel 2018 mac mini running Monterey before install of Ventura, but I am not ready yet to try on my M! mini.
    BTW Time machine on Monterey is worse than awkward re previous backups or new
    decided to stick with CCC backups.

    Nuff for now

  14. After reading on TidBITS about the latest security fixes in IOS, IPadOS and MacOS, I hastened to install them all on my iPhone 13, iPad Pro and 14” M1 MacBook Pro. Now I’m dealing with AppleCare over a suddenly-wonky keyboard character set on the Mac that I can’t seem to change, and the AppleCare rep insists that Ventura 13.0.1 is a beta, not publicly released software. She’s having me reinstall Ventura from scratch (it’s happening as I write this) and I’m betting that it will turn out to be Ventura 13.0.1 all over again — because that IS the latest public release, isn’t it? And 13.1 is the beta, right? So after years of great experiences with AppleCare, I’m apprehensive that it has started to slip.

  15. Sure enough, 13.0.1 is what you get now when you reinstall Ventura, and my keyboard issue isn’t fixed.

  16. I assume you have tried the keyboard choice found in system prefs, and also choice can be made in logon? I’m running 13.0.1 on my 2018 mini and after a few go arounds previously described here, it SEEMS to now be working OK. IF you havent done so, get into SAFE mode on your M1 ( by holding power button and when choice of startup appears, hold shift key and hit continue.

    Then go and check security features, maybe turn all off ( may need to know or set your FIRMWARE password and/OR recovery key ( 24 characters as I recall ) turn off ALL software with network, computer, malware, etc security virusprotection features.
    Then reinstall - OR try checking keyboard choices after restarting in normal mode.
    IF that works, then one by one re install or reapply security features at least to medium level re firmware.

  17. Thanks, Bartdog. It turned out I had to delete all the language options from the keyboard input settings except U.S., and that resolved it.

  18. iOS 16.1.1 has broken my lock screen. The clock display is now huge and ugly. The instructions I can find online only suggest that if I make a new lock screen I’ll be able to adjust the clock’s font. I’ve had this image and ICE info for 15 - 20 years - it works for me. Any suggestions?

  19. Ray

    As far as I can tell, when you have only one screen, you have to make a new screen to change anything. I am hoping this changes in an update.

  20. Go to Settings → Wallpaper. Create a new wallpaper set. Assign your current image to the lock screen. Assign whatever you’re using for your home screen to that screen:

    Once it is created, you can customize the screens. From there, you can customize the date-line, the time font, and add other widgets:

    You can’t make the time-font any smaller, but you can select one that maybe looks better.

  21. This is exactly right. The issue is not configuring a new screen.

    The problem is that people have to recreate the one they had first.

    This is a bummer because a) not everybody will easily find that one image they used many moons ago and perhaps more importantly, b) you’ll lose the crop/edit you originally did.

    It’s plain silly that Apple won’t provide for editing new screen features on top of existing, IOW without recreating the existing first.

  22. When I did this on my phone (after upgrading from 15 to 16.1), there was a “Customize” button on the legacy wallpaper screen. Tapping it brings up a panel where you are asked to make a copy before editing.

    The copy has the same lock-screen image, and can be edited.

    The problem here, unfortunately, is that there is a bug where the lock screen image is used for both the lock screen and the home screen in the copy. So you still need to fix up one of the screens. But not necessarily both of them.

  23. When you hit customize on your original wallpaper your only option is “Add New” and then you’re dumped into the generic lock screen editor. There is no option to retain the original image with its edits and crops. At least there isn’t here on 16.1.1.

  24. Strange. I clicked that same “Add New” button, but the editor that popped up had my original lock (but not home) screen image pre-loaded.

    Maybe it’s because I have the image in my phone’s Photos library? Maybe it’s different if the image isn’t available anywhere other than that legacy lock screen.

  25. Make sure the image itself is in Photos assuming you still have the original. Then make a new Lock Screen, set the clock as wanted, and add the picture…or you could add several pictures if wanted. I also made an image with if lost numbers on it…there used to be an app that would add them but the last time I updated I just did it with Photoshop to add the text to the jpg file. Unfortunately…they made the iPadOS Lock Screen huge clock font too…and it can’t be changed, hopefully they’ll fix that.

  26. I was not able to copy mine. While I still had it on my phone, I couldn’t seem to crop it the way it had been so I found a similar one to use.

    The wallpaper was a whole other story. It had been a random picture I took over the river on a bike ride a few years back. I’m sure it’s still on my phone but I couldn’t find it again.

    Diane

  27. Thanks for all the suggestions. I guess I’ll be cooling my heels as I wait to see whether Apple returns control over the offending feature.

  28. Updated to iPadOS 16.1.1 two days ago and discovered Face ID was not working. After some internet searching found the Apple Support routine for resolving the problem and followed it. This resulted in a message advising me to bring the 3rd Gen iPad Pro to an Apple repair shop. At that point I looked at the Face ID settings and clicked the Reset Face ID. That resulted in a new set up Face ID process which I followed and once again I have Face ID without bringing the 3 year old iPad in to the shop.

  29. My MacBook Pro (14-inch, 2021) M1 is still running Monterey 12.5.1. Worth upgrading? Do I gain actually useful new features?

  30. I’d go to at least macOS 12.6.1 Monterey.

    Personally, I don’t upgrade to major new versions of macOS based new features. It’s an operating system, and I use apps to get my work done. As long as my apps work, I’m happy, and there’s little in the operating system that makes a difference to my productivity.

    That said, it’s always important to upgrade eventually for security and compatibility reasons. Perhaps wait until the next feature release of Ventura, probably early next year.

  31. I ended up upgrading. It didn’t take long. The only software I needed to upgrade was MsgFiler for Mail. I don’t see the purpose yet though. I don’t understand Stage Manager yet, but maybe I’ll turn that on again later and see if I can figure it out. .

    Overnight my Mac restarted “because of a problem” so I’ll need to login again to all my Terminal shells at remote servers, which is a nuisance.

    Mail seems faster maybe?

    Thanks.

Join the discussion in the TidBITS Discourse forum

Participants