Apple Releases iOS, iPadOS 16.1.1 and macOS 13.0.1
November 10, 2022 at 11:58 a.m.
Apple’s newest patches are finally available just 16 days after iOS 16.1’s release. The software updates fix some defects along with security flaws discovered by Google’s Project Zero. macOS 13.0.1 also addresses the same security concerns affecting iOS and iPadOS. tvOS and watchOS did not receive updates with this release cycle.
Apple is tight-lipped about which specific bugs have been remediated. At over one-third of a gigabyte in size, the iOS update undoubtedly contains many bug fixes for issues created with the 16.1 release.
Hopefully, Apple remedied the issue with the iPhone 14 Pro Max freezing. One of our staff was affected by this severe defect. It’s easy enough to work around, but seeing an iPhone freeze is about as comforting as watching a puppy cry. Luckily, no work was lost.
For those who suffered through poor Wi-Fi, Apple may have fixed the problem with iOS and iPadOS 16.1.1. Dynamic Island also experienced some cosmetic flaws Apple likely fixed in this release.
Security is the biggest concern with the joint 16.1.1 and macOS 13.0.1 releases. Since Google discovered these flaws, Apple had to admit to fixing them. With Apple’s silence about other bug fixes, one can only assume they quietly remediated other possible breaches.
Google’s Project Zero, which searches for security flaws in virtually every operating system, found two issues with iOS 16.1. Examining the defects, it’s clear they’re partially Apple’s fault. Both security flaws involve an open-source XML processing library used by Apple and many others, libxml2. Of course, if you include a code library in your compiled product, you are responsible for it. Abstraction has its consequences.
XML, or eXtensible Markup Language, is a cross-platform technology for self-describing data. Introduced way back in 1996, this still-useful technology is employed in practically every operating system and software application on the planet. It’s a way for apps and operating systems to communicate, set properties, and persist some forms of data.
One of the flaws could allow malicious users to execute code or terminate an app by overflowing integers. Most programming languages, including C, which libxml2 is written in, can accept a range within each data type. Integers between -2,147,483,648 and 2,147,483,647 are valid in C. With the flaw in libxml2, inserting a value beyond this range could crash an app or allow the execution of malicious code. Apple fixed this issue by checking for valid values before accepting input. Validation is often the core of cyber security.
The other vulnerability centered around freeing allocated memory. A malicious actor could release the same memory location twice, resulting in a crash or code execution. Apple resolved this issue by improving checks on freed memory.
Due to the online publication of these exploits, releasing solutions as soon as possible became an urgent necessity. Most bad actors couldn’t figure out these exploits on their own; however, hackers can target these flaws once published.
Appledystopia recommends that you install these new updates right away. While it’s unlikely that a hacker will compromise your iPhone, they’re well aware of the flaw now, so it’s best to run the software update as soon as possible.
Most iPhone, iPad, and Mac owners have automatic updates configured already. Your device will usually update itself overnight if you’ve opted in. Personally, I like to make sure an update is safe before I install it. I’ve regretted some iOS and macOS updates.
If you’re unsure of your update configuration, tap on Settings > General > Software Updates. From here, you can manually run the software update and turn on automatic updates.
My iPhone has automatic updates activated, but I’m still on 16.0.1. Apple admits that you will need to install some OS upgrades manually, even if you’ve selected automatic updates.
Whether you upgrade iOS, iPadOS, and macOS manually or not, Apple lets you opt into rapid installation of security fixes. Tap on Settings > General > Software Update > Automatic Updates and turn on Security Responses & System Files. You can review and modify other relevant update settings from this screen.