Three days after launching iOS 17, Apple has issued iOS 17.0.1 with three essential safety patches. Notably, Apple says it’s conscious all the fastened vulnerabilities had been reported as being actively exploited.
Shortly after releasing iOS 17.0.1 together with iPadOS 17.0.1, watchOS 10.0.1, and extra with “essential bug fixes and safety updates,” Apple shared the vulnerability particulars on its safety web page.
3 actively exploited flaws fastened once more
Apple says that every of the three flaws had been first patched with iOS 16.7. Nevertheless, with two of them, iOS 17.0.1 brings “improved checks” whereas the third noticed “certificates validation situation” addressed to guard in opposition to the beforehand found bugs.
One was a kernal flaw, one other bypasses signature validation situation, and the final was a WebKit vulnerability that allowed arbitrary code execution.
Whereas it’s greatest to replace to the brand new launch to get the improved safety, consider you’ll want to put in iOS 17.0.1 in your iPhone 15/15 Professional earlier than restoring from a backup with this software program.
Listed below are the CVE’s for every fastened flaw:
Kernel
Obtainable for: iPhone XS and later, iPad Professional 12.9-inch 2nd technology and later, iPad Professional 10.5-inch, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad sixth technology and later, iPad mini fifth technology and later
Affect: A neighborhood attacker might be able to elevate their privileges. Apple is conscious of a report that this situation might have been actively exploited in opposition to variations of iOS earlier than iOS 16.7.
Description: The difficulty was addressed with improved checks.
CVE-2023-41992: Invoice Marczak of The Citizen Lab at The College of Toronto’s Munk Faculty and Maddie Stone of Google’s Risk Evaluation Group
Safety
Obtainable for: iPhone XS and later, iPad Professional 12.9-inch 2nd technology and later, iPad Professional 10.5-inch, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad sixth technology and later, iPad mini fifth technology and later
Affect: A malicious app might be able to bypass signature validation. Apple is conscious of a report that this situation might have been actively exploited in opposition to variations of iOS earlier than iOS 16.7.
Description: A certificates validation situation was addressed.
CVE-2023-41991: Invoice Marczak of The Citizen Lab at The College of Toronto’s Munk Faculty and Maddie Stone of Google’s Risk Evaluation Group
WebKit
Obtainable for: iPhone XS and later, iPad Professional 12.9-inch 2nd technology and later, iPad Professional 10.5-inch, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad sixth technology and later, iPad mini fifth technology and later
Affect: Processing internet content material might result in arbitrary code execution. Apple is conscious of a report that this situation might have been actively exploited in opposition to variations of iOS earlier than iOS 16.7.
Description: The difficulty was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Invoice Marczak of The Citizen Lab at The College of Toronto’s Munk Faculty and Maddie Stone of Google’s Risk Evaluation Group
FTC: We use earnings incomes auto affiliate hyperlinks. Extra.
