iOS 16.3 was launched to most of the people final month, and amongst different new options, it additionally included quite a lot of safety updates. A kind of fixes addressed an Apple Maps privateness bug that would have allowed an app to “bypass Privateness preferences.”
In an announcement to 9to5Mac on Friday, Apple clarified that iPhone customers “have been by no means in danger” due to this vulnerability. The corporate additionally refuted a report that stated a Brazillian meals supply app was accessing person location with out permission in iOS 16.2.
iPhone’s lack of aspect loading saved it from Mac privateness bug
Apple says that the Maps vulnerability patched final week “might solely be exploited from unsandboxed apps on macOS.” The repair was included in all of Apple’s software program updates final week just because that codebase is shared by iOS and iPadOS, tvOS, and watchOS as properly.
“The suggestion that this vulnerability might have allowed apps to bypass person controls on iPhone is fake,” Apple says in its assertion.
With this clarification in thoughts, Apple additionally refutes a report that stated an iPhone app was caught exploiting a vulnerability to “bypass person management over location information.” That is in reference to a report from final week that stated iFood, one of many main meals supply apps in Brazil, was “accessing a person’s location in iOS 16.2 even when the person denied the app all location entry.”
In its accusation, final week’s report didn’t make it clear if iFood was exploiting the aforementioned Apple Maps vulnerability (once more, which might have solely been exploited on macOS), or one thing completely different. Regardless, Apple says that its “comply with up investigation concluded that the app was not circumventing person controls by way of any mechanism.”
Apple’s full assertion to 9to5Mac is under:
At Apple, we firmly consider customers ought to select when to share their information and with whom. Final week we issued an advisory for a privateness vulnerability that would solely be exploited from unsandboxed apps on macOS. The codebase that we fastened is shared by iOS and iPadOS, tvOS, and watchOS, so the repair and advisory was propagated to these working programs as properly, even if they have been by no means in danger. The suggestion that this vulnerability might have allowed apps to bypass person controls on iPhone is fake.
A report additionally incorrectly urged an iOS app was exploiting this or one other vulnerability to bypass person management over location information. Our comply with up investigation concluded that the app was not circumventing person controls by way of any mechanism.
The Apple Maps vulnerability patched final month was reported to Apple by an nameless researcher. The Apple Safety Bounty program encourages safety researchers to submit their findings to Apple. This system additionally gives rewards to safety researchers who assist Apple in its efforts to “defend the safety and privateness of customers.”
FTC: We use earnings incomes auto affiliate hyperlinks. Extra.
