Apple has released iOS 16.0.3, fixing several bugs and a security issue for iPhone users running the latest software. According to Apple’s release notes, iOS 16.0.3 provides bug fixes and “important security updates.”
The only iOS 16.0.3 security patch listed on Apple’s support page addresses an issue tracked as CVE-2022-22658. According to Apple, the iPhone vulnerability patched in iOS 16.0.3 is a denial of service issue in the Mail client. In order to become a victim of the iPhone bug, you’d have to interact with a maliciously crafted email.
The release of iOS 16.0.3 follows major security updates—iOS 15.7 and iOS 16—both for flaws that have already been exploited by attackers.
Compared to these vulnerabilities, the flaw fixed in iOS 16.0.3 does not appear to be a major issue for your security—denial of service is mostly just annoying, as it means the service will crash.
In terms of severity, iOS 16.0.3 is “pretty far down the list,” says Sean Wright, an independent security researcher. He says exploitation of the vulnerability within the iOS email client “is more likely to be an annoyance” than a major risk to your security.
But at the same time, researchers at security vendor Sophos suggest the bug could cause further issues, so if you are running iOS 16, it’s still a good idea to update when you can. “So-called denial-of-service [bugs] are often regarded as the lightweights of the vulnerability scene, because they generally don’t provide a pathway for attackers to retrieve data they’re not supposed to see, or to acquire access privileges they shouldn’t have, or to run malicious code of their own choosing,” Sophos’ Paul Ducklin writes.
Any denial of service bug can quickly turn into a “serious problem,” he says, especially if it keeps happening once it’s triggered for the first time. “That situation can easily arise in messaging apps if simply accessing a booby-trapped message crashes the app, because you typically need to use the app to delete the troublesome message.
“And if the crash happens quickly enough, you never quite get enough time to click on the trash-can icon or to swipe-delete the offending message before the app crashes again, and again, and again,” Ducklin adds.
Bugs fixed in iOS 16.0.3
Among the bugs fixed in iOS 16.0.3 is an issue where incoming call and app notifications might be delayed on an iPhone 14 Pro or iPhone 14 Pro Max. Apple also fixed a bug that caused low mic volume during CarPlay phone calls on the iPhone 14. Meanwhile, iOS 16.0.3 fixes a camera issue in the iPhone 14 Pro and Pro Max where the service may be slow to launch.
It’s only a month since the launch of iOS 16, and Apple is already issuing multiple bug fixes and security updates. While on the face of it, iOS 16.0.3 certainly isn’t as urgent as previous security updates, the regularity of fixes is welcome.
You know what to do—go to your iPhone Settings > General > Software Update and install iOS 16.0.3 when you can.