Share This Article
Apple has clarified that the recent security update in iOS 16.3 has fixed a bug in Apple Maps that could have potentially allowed an app to bypass privacy preferences. In a statement to 9to5Mac, the tech giant stated that iPhone users were never at risk due to this vulnerability, which could only be exploited from unsandboxed apps on macOS.
Additionally, Apple refuted a recent report that claimed a Brazilian food delivery app was accessing user locations without permission in iOS 16.2. The report didn’t make it clear if the app, iFood, was exploiting the aforementioned Apple Maps vulnerability or something different, but Apple’s investigation concluded that the app was not circumventing user controls through any mechanism.
Apple believes in giving users control over their data and has emphasized that the privacy vulnerability was only present in unsandboxed apps on macOS. The codebase that was fixed is shared by multiple Apple operating systems, including iOS, iPadOS, tvOS, and watchOS, which is why the fix and advisory were propagated to those systems as well, even though they were never at risk.
The Apple Maps privacy bug was reported to Apple through its Security Bounty program, which encourages security researchers to submit their findings and offers rewards for helping protect the security and privacy of users.