0

I am using unpatched iPhone that has IOS 13.1.3 installed. Apple released IOS 13.1.3 15 Oct 2019.

  1. Are there any vulnerabilities for IOS 13.1.3's safari that are currently being exploited in the wild?

  2. Are there any publicly available modules for penetration testing tools such as metasploit that can exploit safari of IOS 13.1.3.

  3. Am I safe right now if I continue to browse the internet with outdated IOS 13.1.3?

Npxkytzv
  • 1
  • 2

2 Answers2

-1

iOS 13.1.3

iOS 13.1.3 includes bug fixes and improvements for your iPhone. This update:

• Addresses an issue that could prevent a device from ringing or vibrating for an incoming call

• Fixes an issue that may prevent opening a meeting invite in Mail

• Resolves an issue where data in the Health app may not display correctly after daylight savings time adjusts

• Fixes an issue where Voice Memos recordings may not download after restoring from iCloud Backup

• Addresses an issue where apps might fail to download when restoring from iCloud Backup

• Fixes an issue that can prevent Apple Watch from pairing successfully

• Resolves an issue where notifications may not be received on Apple Watch

• Fixes an issue where Bluetooth may disconnect on certain vehicles

• Improves connection reliability of Bluetooth hearing aids and headsets

• Addresses launch performance for apps that use Game Center

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

Honestly, this information is just a search away. Most of the updates mentioned in this version are not directly related to fixing any such vulnerabilities/exploits as you mentioned. In such events, major security patches are usually deployed in a short span of time.

It is not dangerous to use your current version but I recommend you to use the latest version software when possible.

Even though some of the new features may not prove to be necessary, sometimes the small bug fixes/security patches can save you a lot of trouble in case of any unfortunate security breaches.

Ebenezar John Paul
  • 2,874
  • 14
  • 23
-1

That highly depends on your threat model. In some cases it is not safe to browse with a patched OS, let alone an unpatched one. You are far more aware about what you stand to lose. Don't base your threat model on what a privileged person in another country thinks you should be concerned about.

Having said that, exploitation in the wild can go undetected for long periods so references are usually only found after active exploitation. You should probably patch as it's unlikely to leave you in a less secure state.

wireghoul
  • 5,745
  • 2
  • 17
  • 26
  • Can I ask for some clarity around "it is not safe to browse with a patched OS"? – Alex Probert Jan 28 '20 at 10:21
  • There is a big market for exploits for latest version of $software or $phone. If you're a person of significant interest you might find yourself on the receiving end of a 0day exploit for which no patch exist. – wireghoul Jan 28 '20 at 16:06
  • A big reason why questions like is $x more secure than $y are pointless on this site is that everyone's threat model is different. A teenage girl with a big instagram follower base has a different risk profile to a 60 year old retired grand father. And having people guess what risk the OP is exposed to based on their own (often poor (ie fear of sharks)) understanding of their risk profile is likely to be ineffective or more damaging to the individual asking the question. – wireghoul Jan 28 '20 at 18:15