iOS 17.0.1 patches 3 actively exploited security flaws


Three days after launching iOS 17, Apple has issued iOS 17.0.1 with three vital security patches. Notably, Apple says it’s aware that all of the fixed vulnerabilities were reported as being actively exploited.

Shortly after releasing iOS 17.0.1 along with iPadOS 17.0.1, watchOS 10.0.1, and more with “vital bug fixes and security updates,” Apple shared the vulnerability details on its security page.

3 actively exploited flaws patched

One was a kernel flaw, another was a signature validation bypass issue, and the last was a WebKit vulnerability that allowed arbitrary code execution.

Apple says that each of the three flaws was reported as actively exploited prior to 16.7. For fixes, iOS 17.0.1 brings “improved checks” for two of the flaws, while the third saw a “certificate validation issue” addressed to protect against the previously discovered bugs.

While it’s best to update to the new release to get the improved security, keep in mind you’ll need to install iOS 17.0.1 on your iPhone 15/15 Pro before restoring from a backup with this software.

Here are the CVEs for each fixed flaw:


Kernel

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

Security

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: A certificate validation issue was addressed.

CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
