iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 Address Serious Security Vulnerabilities, Fix Bugs
Just 11 days after releasing a spate of updates to its operating systems (see “Apple Releases iOS 16.4, iPadOS 16.4, macOS 13.3 Ventura, watchOS 9.4, tvOS 16.4, and HomePod Software 16.4,” 27 March 2023), Apple has pushed out quick updates to iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1 with a smattering of changes.
Why the quick release? The security notes say that the updates block two vulnerabilities Apple says are being actively exploited in the wild. One vulnerability would allow an app to execute arbitrary code with kernel privileges; the other could allow maliciously crafted Web content to execute arbitrary code.
I’m reading between the lines here, but the fact that Apple credits “Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab” suggests to me that these vulnerabilities might have been leveraged by governments using the NSO Group’s Pegasus or similar software to target activists or journalists (see “Apple Lawsuit Goes After Spyware Firm NSO Group,” 24 November 2021).
Apple took the opportunity to fold in a few bug fixes as well. All three operating systems now properly show the skin tone variations for the pushing hands emoji. iOS 16.4.1 and iPadOS 16.4.1 also address a problem that caused Siri to fail to respond in some cases, and macOS 13.3.1 resolves an issue that could prevent you from using Auto Unlock with your Apple Watch.
If my supposition about activists being targeted is correct, the exploits may be aimed mostly at high-value targets. Nevertheless, I recommend that you install these updates right away. It’s never a good idea to stick with operating system versions known to be vulnerable to active exploits. Plus, the Siri and Auto Unlock fixes are sufficiently welcome on their own.
As I predicted in the original version of this article, Apple subsequently released additional updates for its older operating systems: see “Safari 16.4.1” (7 April 2023), “iOS 15.7.5 and iPadOS 15.7.5 Address Serious Security Vulnerabilities” (10 April 2023), and “macOS Monterey 12.6.5 and Big Sur 11.7.6” (10 April 2023). Update everything you have.
Animated GIFs no longer cause the Quick Look crash I noticed after the upgrade to Ventura 13.3. Pretty fast bug fix! I daresay I’m not the only one out there who uses Quick Look very heavily in my work flow. I’m going to take a minute to wonder at how GREAT Quick Look is for anyone who uses graphics. When I found out I could use Quick Look in open and save application dialog boxes I was truly amazed.
Appears it was only fast because Apple needed to get this emergency security update out immediately.
I upgraded my computers & phone yesterday. This morning Siri got stuck buffering direct play of a radio station to a HomePod and directed me to the Home app, which I had set to “auto-update.” There I was admonished to “Upgrade” manually. I did, and now all is cool.
Wow - 21 new emoji!
So far everything seems to be working on iPhone & iPad.
BTW - the previous update turned on auto-updates for some of my devices.
I and at least a couple of folks on Apple Communities had iOS 16.4.1 break the App Store. Updated apps would just sit there spinning and never successfully update. I tried the usual suspects, eventually even factory reset/restores which just made it worse: then every non-Apple app I had turned into a a spinning icon.
Finally backed out to 16.4 while I still could. That fixed it.
iPad OS did not have this symptom for me, at least.
(iPhone 12 mini and iPad 12.9 rev 1 respectively)
We don’t know enough about the threat posed by the two zero-day urgent updates contained in iOS 16.4.1 to say it’s more important to protect against them and do without the App Store for a few days, but worth considering.
Virtually all the non-Apple apps were spinning; might as well turn it off. “…do without for a few days?” You know about an Apple update we don’t?
How does one do this?
Hmmm, after I updated my iPhone 12 (took 30 minutes) I was told I had 7 apps to update. All updated just fine via the App Store.
You get the *.ipsw file for the iOS version you want to back up to from here:
Follow the instructions from here:
This is just the guide I used most recently. There are several sites that have instructions. The problem has become, that Apple quits (security) signing them so soon now. Currently, you can’t go back past 16.4 w/ Apples tools. To go back further, it appears you have to jailbreak now.
“30 minutes” - I envy you. Ultimately (after trying all the other usual suspects), I wiped my phone back to factory, reinstalled and was back where I started, f’ed up. I tried that three or four times (keeping count was just p’ing off more), then backed out to 16.4
Then I did the same drill on Ventura 13.3.1 on an external drive. What Ventura does to my Calendar is a sight to behold (but had me back it off my working drive w/ the first release. I’ve tested every update, filed new bug reports. More hours…
Trying to remember what USEFUL thing I’ve done on an Apple Device in weeks, months…?
Thank you, @Will_B.
You have my sympathy, FWIW.
I have been watching certain .MP4 files, saved on an SSD, on my iPad Pro 3rd generation, with no problems till about a few days ago. Then it was time for the 16.4.1 OS update which went through smoothly. Following this, since yesterday the same mp4 files on the same external flash drive / SSD started to be displayed as empty folder but with a .mp4 extension, instead of a video file. I’m not knowledgeable on the subject matter of codec but it appears that the folder denotes the MP4 container inside which the codec and other stuff went missing!!
Strangely though, the same files which I have thankfully preserved on the cloud, are nicely playing on the iPad. Shall be grateful if someone can help understand what’s going on.
By the way MKV files stored on the same SSD are playing perfectly fine.
Join the discussion in the TidBITS Discourse forum