Apple has released iOS 17.1.2, bringing fixes for two zero-day vulnerabilities for iPhone and iPad users.
Both flaws are in WebKit, Apple’s framework that downloads and presents web-based content, and the exploits involving them show that attackers continue to focus on finding flaws in that framework.
The latest bugs could lead to both data leakage and arbitrary code execution, and appear to be tied to targeted attacks that are common against high-risk users.
The vulnerabilities — CVE-2023-42916 and CVE-2023-42917 — were discovered by Clément Lecigne of Google’s Threat Analysis Group and affect iPhone XS and later; several models of iPads; and Macs running macOS Monterey, Ventura or Sonoma.
Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
iPhone 15 Plus
iPhone 15 Pro
iPhone 15 Pro Max
iPhone 14 Plus
iPhone 14 Pro
iPhone 14 Pro Max
iPhone 13 mini
iPhone 13 Pro
iPhone 13 Pro Max
iPhone 12 mini
iPhone 12 Pro
iPhone 12 Pro Max
iPhone 11 Pro
iPhone 11 Pro Max
iPhone XS Max
iPhone 8 Plus
iPhone SE (2nd generation or later)
iOS 17.1.2 Security Fixes
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input validation.
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with improved locking.
As usual, to update to iOS 17.1.2, go to Settings > General > Software Update on your iPhone and install iOS 17.1.2 as soon as you possibly can.