Sandboxed apps are given their own “sandbox” that they can “play in” to prevent them from accessing files used by other apps or from making changes to a device. Since all third-party apps available for the iPhone in the App Store must be sandboxed, the only way to install the unsandboxed apps that could exploit the vulnerability would be to sideload apps on the iPhone which Apple does not allow.
The iOS 16.3 update killed off some software flaws
So if iPhone users weren’t at risk, why did Apple include the fix in iOS 16.3? Because the codebase for macOS is shared by iOS, iPadOS, tvOS, and watchOS, Apple decided to include the fix in all of the updates it released last week.
So there you have it folks. Your iPhone handsets were never at risk, and Brazilians ordering food from the iFood app were not allowing attackers to get your location data. Perhaps you’ll be able to sleep better tonight.