Apple has released iOS 17.1.2, bringing fixes for two zero-day vulnerabilities for iPhone and iPad users.
The flaws revolve around Apple’s WebKit and the exploits involving the vulnerabilities show attackers continue to focus on finding flaws in the framework that downloads and presents web-based content.
The latest bugs could lead to both data leakage and arbitrary code execution, and appear to be tied to targeted attacks that are common against high-risk users.
The vulnerabilities — CVE-2023-42916 and CVE-2023-42917 — were discovered by Clément Lecigne of Google’s Threat Analysis Group and affect iPhone XS and later; several models of iPads; and Macs running macOS Monterey, Ventura or Sonoma.
Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Supported Devices
- iPhone 15
- iPhone 15 Plus
- iPhone 15 Pro
- iPhone 15 Pro Max
- iPhone 14
- iPhone 14 Plus
- iPhone 14 Pro
- iPhone 14 Pro Max
- iPhone 13
- iPhone 13 mini
- iPhone 13 Pro
- iPhone 13 Pro Max
- iPhone 12
- iPhone 12 mini
- iPhone 12 Pro
- iPhone 12 Pro Max
- iPhone 11
- iPhone 11 Pro
- iPhone 11 Pro Max
- iPhone Xs
- iPhone XS Max
- iPhone XR
- iPhone X
- iPhone 8
- iPhone 8 Plus
- iPhone SE (2nd generation or later)
iOS 17.1.2 Security Fixes
WebKit
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input validation.
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with improved locking.
As normal, to update to iOS 17.1.2 go to your iPhone Settings > General > Software Update and install iOS 17.1. as soon as you possibly can.
