All parents should update their child’s iPad to fix this scary Screen Time flaw

For most kids, iPadOS updates are more of a nuisance than a necessity. But parents will want to make sure the latest iPadOS 16.3 update is installed on their kids’ tablets for one reason in particular. Apple has included 12 security updates in the latest iOS and iPadOS update, a relatively small number after iOS 16.1’s three dozen fixes. But among the usual WebKit, Kernel, and Safari patches is one we’ve never seen before: Screen Time.

Screen Time is Apple’s tool for restricting access to content, apps, and features, and limiting the time when the device can be used. Part of the Settings app that can’t be uninstalled, it’s the best way for parents to keep tabs on their kids’ tablet use. According to Apple’s security content page, the iPadOS 16.3 update includes the following update for the feature:

Screen Time

  • Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access information about a user’s contacts
  • Description: A privacy issue was addressed with improved private data redaction for log entries.
  • CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

With access to contacts, a hacker could impersonate someone your child trusts or contact someone on their behalf. This update closes the security hole that could allow that breach. Apple doesn’t explain how an attack could occur if the flaw is exploited.

The security update is also included in the iOS 15.7.3 and iPadOS 15.7.3 update that also arrived this week as well as the latest macOS Big Sur, Monterey, and Ventura updates.

Source : Macworld