iOS 16.3.1, iPadOS 16.3.1, macOS 13.2.1 Ventura, watchOS 9.3.1, tvOS 16.3.2, and HomePod Software 16.3.2 Fix Bugs and Security Vulnerabilities
Apple has once again pushed out updates to its entire family of operating systems, fixing bugs and addressing security vulnerabilities. Because one of these vulnerabilities—a bug in WebKit that could allow maliciously crafted Web content to execute code—is being actively exploited in the wild, we recommend installing all these updates immediately.
Details, such as they are, include:
- iOS 16.3.1: Apple says this update fixes a problem with iCloud settings displaying incorrectly or being unresponsive if apps are using iCloud, addresses an issue that prevented Siri requests for Find My from working, and improves Crash Detection on the iPhone 14 and iPhone 14 Pro models. With luck, Crash Detection will now stop triggering false alarms for skiers. iOS 16.3.1 also plugs two security vulnerabilities: the actively exploited WebKit vulnerability and another in the kernel.
- iPadOS 16.3.1: Unsurprisingly, iPadOS 16.3.1 gets the same bug and security fixes as iOS 16.3.1, minus the Crash Detection optimizations.
- macOS 13.2.1 Ventura: Apple doesn’t share any details about bugs fixed in Ventura but calls out three security fixes, the two previously mentioned and another in Shortcuts.
- watchOS 9.3.1: Apple hasn’t published release or security notes for watchOS 9.3.1 yet, but it’s a safe bet they won’t include anything surprising.
- tvOS 16.3.2: Nothing to see here—Apple merely says this update includes “general performance and stability improvements” and hasn’t yet published security notes. tvOS 16.3.1, which Apple quietly released a week ago, had the same release notes.
- HomePod Software 16.3.2: Apple didn’t describe last week’s HomePod Software 16.3.1, but 16.3.2 includes a fix for a bug where asking Siri to control smart home accessories could fail, along with general performance and stability improvements. There are no security notes for this update.
Any details on this?
MacRumors is saying Apple is “aware of a report that this issue may have been actively exploited.”
Aware “of a report that it may have been” is to me very different from saying “we know it has been”.
Before people are being scared into installing something on their production systems only minutes after it has come out, we should make sure there is actually a truly pressing concern. Otherwise, many users will likely be better off waiting a day or two to ensure reliability of this patch is better than much of what Apple has released lately.
Interesting that there is a mention of a standalone Safari 16.3.1 update on Apple’s Security Updates page being available for Big Sur & Monterey users but NO download link! I checked to see if it showed up in Safari 16.3 on my MacBook Pro: Nope. Even checked on Apple’s downloads and updates pages but nothing mentioned there.
This is standard wording that Apple always uses, for whatever reason. I think you should simply assume that they and/or the person that discovered the vulnerability has observed an existing threat which at least attempts to exploit it. Standard security related practices will normally never include details, but sometimes another malware researcher will later provide more details.
Apple hasn’t been posting separate document and download links for Safari updates in recent years. They have moved the function to Software Updates which has been somewhat unreliable for all updates recently.
This just in. Describes the risk to home users as Low. Large Government and Businesses are High and the apparent target of the threat.
Beware Folks - This update has hosed the power over USB connectivity of my Focusrite Clarett2 audio interface. Not Good! (this is a first where an Apple Security disabled my peripherals). working on figuring it out - but this is not a good use of my time. (says it want more power which can be provided with a wall wart - however - this is on Apple…)
I received an email from Apple Feedback regarding the loss of being able to use my Pioneer USB drive after upgrading to 13.2 stating “There are changes in the latest update, build 22D68 (macOS Ventura 13.2.1), that may have resolved this issue.”
Sure enough, this has fixed the issue. I am again able to use my drive.
I wonder if it fixes the broke filesharing too.
I have the Safari 16.3 update in Software Updates on my Big Sur 11.7.3 system.
This isn’t bothering me all that much - I can wait a few days for sure - but I am finding it a little strange that checking software update in Settings | General in Ventura on my M2 MBA keeps saying that I am up-to-date with 13.2.
When I tried to apply the Ventura update to my test volume, it asked for my password, but would not accept it after several very careful attempts. Then I tried every password I have ever used for a desktop. No install. My patience with Ventura is very short, and does not include any of the likely extensive research, and likely unsuccessful solutions to that. I formatted it. I suppose that qualifies as a security update too.
Same here, but try restarting.
Just to followup - Clarett2 comes with a power supply that will “repower” your interface over USB. I worked a little bit -over chat- with Focusrite to get a consistent USB power result (switching cables/ports many restarts) but so far it’s inconsistent. Shut Down (rather than restart) -had better results (all USB trouble shooting should include full shut downs not just restarting)
Yesterday my wife’s iPad and iPhone were updated to 16.3.1. After that, when she trashed emails in her Gmail account, the change didn’t propagate to her other device, or to Gmail in a web browser. The “Trash” icon also changed into a different icon which neither of us recognized.
Apparently the 16.3.1 update caused Settings >> Mail >> Accounts >> Gmail >> Account >> Advanced >> “MOVE DISCARDED MESSAGES INTO:” to change from “Deleted Mailbox” to “Archive Mailbox”.
Restoring that one setting to “Deleted Mailbox” fixed the problem.
Fwiw, this is the default setting when you add a gmail account to iOS or iPadOS. I wish it wasn’t, but I believe it’s Google’s preference. It’s one that I always change if I set up a new account, though.
Wow. I’ve been looking for this for so long! Basically, that toggle affects what controls you see in the Mail app. If it’s set to “archive”, then UI elements which are “Delete” for normal accounts (the button at the bottom of the message screen, the primary button when you left swipe) are changed to “Archive” for the GMail account.
FWIW, this didn’t happen for me. There could be any number of reasons why, but my first thought is that you might have had some kind of internally corrupted configuration that it couldn’t migrate forward, so it reset that preference to its default setting.
There are also preferences on the server-side that come into play. On the GMail settings page the POP/IMAP, it includes:
As for Google preferring archive over delete, you would be correct. Although I can’t seem to find a source at this time, I remember that when GMail was new, they were telling you something along the lines of “why bother deleting e-mails when you have so much storage?”.
And I’ll admit that it can be helpful to have a massive backlog of old mail when you need to look up something, but I’ve generally found that if I don’t need it in the next 30 days (the amount of time something remains in the trash before it’s purged), I probably don’t need it at all.
But the more suspicious among us know what’s really at stake here - more mail means more data for building a profile, which they can sell to spammers (and others).
What I’m looking for is the Safari 16.3.1 update for Safari on Monterey 12.6.3.
Where are you seeing this now? There is no mention that I can find on Apple security updates - Apple Support. The information I have (and have personally experienced) is that it is only available for Big Sur and only after one updates to macOS 11.7.4.
There was some incorrect information available initially when a new build of Safari 16.3 was released that it was a 16.3.1 version, but that was corrected with an asterisk in these release notes: About the security content of Safari 16.3 - Apple Support. If you have the build number shown for Monterey, then you are up-to-date.
Yes, Al that was where I saw it. I just checked Safari on the MBP that has Monterey and it looks like I have the correct build of 16.3.
Join the discussion in the TidBITS Discourse forum