Apple released a security patch in iOS 16.3 to address a privacy issue related to Apple Maps. The bug was present on iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later, and would have allowed apps to bypass user privacy preferences.
Appears to Have Been Exploited
At least one app appears to have exploited the bug: Brazilian food delivery app iFood was found to be accessing a user’s location in iOS 16.2 even when the user had denied the app access to location data. It is unclear how long the vulnerability had existed, what other apps may have taken advantage of it, and how much location data may have been gathered. It is also possible that the bug was related to cases where a user granted an app location access and then revoked or limited it, with iOS failing to properly update the list of apps able to access location data. Apple has yet to comment on the issue, likely waiting until most iOS users have upgraded to iOS 16.3 (or a patched version of an earlier release).