Apple stops signing iOS 16.2

Apple no longer allows downgrading from iOS 16.3. This comes together with the news that previous iOS releases were subject to an exploit that allowed an application to get the user's location even if it had not been given that permission.

Apple did not disclose details of this exploit.

Maps

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2023-23503: an anonymous researcher

About the security content of iOS 16.3 and iPadOS 16.3

Apple Support: About the security content of iOS 16.3 and iPadOS 16.3

References:

Developer used iOS 16 exploit to change system font without jailbreak

The exploit, which was fixed in iOS 16.2, provided a way for a developer to change the system font on iPhone.

Zhuowei Zhang shared the story behind his proof-of-concept app. The app itself is available as source code on GitHub.

Apple Support: About the security content of iOS 16.2 and iPadOS 16.2

GitHub: WDBFontOverwrite

Reference: Developer uses iOS 16 exploit to change system font without jailbreak

Cross-platform exploit targets Linux, Windows and macOS

The new "SysJoker" cross-platform exploit can infect machines running different OSes.

Interestingly, this exploit uses a Universal Binary, allowing it to run on both Intel and Apple Silicon Macs. The code is signed with an ad-hoc certificate. New certificates could be used in the future.

The files and directories created by SysJoker include:
/Library/MacOsServices
/Library/MacOsServices/updateMacOs
/Library/SystemNetwork
/Library/LaunchAgents/com.apple.update.plist

The persistence code is under the path /Library/LaunchAgents/com.apple.update.plist. If the files are found on a Mac, it is advised to kill all related processes and delete the files.

AppleInsider

Reference: macOS, Windows, Linux all targeted by new cross-platform exploit
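A check for the SysJoker files and directories listed above, written as an added example (it is not from AppleInsider or any vendor tool). The function name `sysjoker_scan` and the optional root prefix, which lets the check run against a mounted disk image or backup, are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the SysJoker paths named on this page.
# Usage: sysjoker_scan            (live system)
#        sysjoker_scan /Volumes/X (mounted image or backup; hypothetical mount point)

# Indicator paths exactly as listed on this page.
SYSJOKER_PATHS='/Library/MacOsServices
/Library/MacOsServices/updateMacOs
/Library/SystemNetwork
/Library/LaunchAgents/com.apple.update.plist'

# Prints one "FOUND <kind> <path>" line per indicator present under the root.
# Exit status: 0 when none are present, 1 when at least one is.
sysjoker_scan() {
    root="${1:-}"
    root="${root%/}"          # "/" and "/mnt/img/" both normalise cleanly
    found=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        target="${root}${p}"
        # -L is tested first so a dangling symlink is still reported
        if [ -L "$target" ]; then
            kind=symlink
        elif [ -d "$target" ]; then
            kind=dir
        elif [ -e "$target" ]; then
            kind=file
        else
            continue
        fi
        printf 'FOUND %s %s\n' "$kind" "$target"
        found=$((found + 1))
    done <<EOF
$SYSJOKER_PATHS
EOF
    [ "$found" -eq 0 ]
}
```

A non-zero exit status means at least one listed path exists, so the function can gate an alert in a fleet-management or triage script.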

[UPDATED] RCE 0-day exploit found in log4j

Log4j is a popular Java logging package used by many backends.

Details of the vulnerability are available here, and according to reports, libraries and solutions that use Apache log4j (we are talking about Steam, iCloud or Minecraft servers) are also vulnerable. Solutions using the Struts library are probably vulnerable as well.

Affected log4j versions: 2.0 <= Apache log4j <= 2.14.1