2 min read

Apple Fixes New iPhone DoS Flaw in iOS 16.0.3

Filip TRUȚĂ

October 11, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Apple Fixes New iPhone DoS Flaw in iOS 16.0.3

Apple this week is rolling out an unexpected security update to fix what appears to be a relatively harmless flaw in the iPhone operating system’s mail application.

Available for iPhone 8 and newer models, the vulnerability could be exploited to crash the stock iOS Mail app.

“Processing a maliciously crafted email message may lead to a denial-of-service,” reads the description.

The flaw is addressed in iOS 16.0.3 with “improved input validation,” Apple says.

There's no mention of any other affected devices besides iPhones, suggesting the flaw isn’t present in iPadOS, the operating system powering Apple tablets.

The bug, tracked as CVE-2022-22658, seems minor. There don’t seem to be any active exploits for it in the wild, going by the advisory, and no one in particular is even credited for the discovery.

However, denial-of-service (DoS) flaws have been common on iOS. Properly exploited, some DoS bugs could repeatedly crash the phone, locking the user out. In this case, if the flaw were to be exploited, users could potentially lose access to their email.

DoS bugs can be dangerous

In January, researcher Trevor Spiniolas revealed that one such flaw could well be considered a ransomware attack vector for iPhones.

Spiniolas came out with his findings on Jan. 1, four months after he’d allegedly notified Apple of the bug. He decided to disclose it because Apple was allegedly too slow to address the issue, even claiming he’d warned the company weeks in advance that he’d speak up about it.

The rookie researcher developed an exploit and issued a working proof-of-concept (PoC) for a DoS attack that essentially froze the target device and sent it into a reboot loop, in what would lock victims out of their phones. Spiniolas dubbed the exploit ‘doorLock.’ Apple finally addressed the flaw in iOS 15.2.1, alongside other bugs.

Not just a one-fix update

iOS 16.0.3 isn’t an urgent update by any measure, but it does seem Apple wanted the fix out the door sooner rather than later – likely to ensure no exploits are eventually developed for this flaw.

The update includes a few other bug fixes as well. The patch addresses an issue with incoming call and app notifications failing to display properly on the latest generation of iPhones. A bug affecting microphone volume during CarPlay calls is fixed as well. And a kink in the Camera app causing sluggish behavior is also ironed out.

To apply the patch, simply navigate to Settings -> General -> Software Update, and choose to Download and Install the update.

tags


Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like

Bookmarks


loader