Additional notes about various security patches were added to iOS 16.3 shortly after being removed from Apple’s signed operating systems — an unusual move for the company.
A Twitter user named @aaronp613, who is a customer experience lead at a jailbreaking website called Havoc Repo, pointed out the new security note changes. He discovered new CVEs were added to a range of update notes on February 20th.
The common patch between many of these updated notes was one for CVE-2023-23524, shared by David Benjamin of Google Chrome. It enabled a denial of service from processing a maliciously crafted certificate, and it was addressed with improved input validation.
As Aaron pointed out, Apple just removed iOS 16.3 from its signed updates, meaning users can’t downgrade from iOS 16.3.1 anymore. Shortly after this unsigning, Apple then added the patch notes to its website.
This may just be a coincidence, as Apple routinely stops signing updates shortly after a new version comes out. These notes may have been withheld to ensure the patch actually worked before making iOS 16.3.1 the only signed version.
With the release of iOS 16.3.1 and the other recent operating system updates, users don’t need to worry about these security issues. They’ve been patched and reviewed in the wild, so users should feel safe updating to the latest operating systems to ensure protection from these known security issues.