Apple releases iOS 17.1.2, iPadOS 17.1.2 to patch two serious Zero-day vulnerabilities

admin1 December 2023

Apple today released iOS 17.1.2 and iPadOS 17.1.2 to fix two zero-day vulnerabilities that Apple says have already been exploited. A zero-day vulnerability is one that developers were not aware of and that can be exploited until it is mitigated. Both defects fixed in iOS 17.1.2 are in the WebKit browser engine on iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

The first vulnerability could lead to the disclosure of sensitive information when processing web content. Apple says it is aware of a report indicating that the vulnerability was exploited on versions of iOS prior to iOS 16.7.1. The issue was assigned the Common Vulnerabilities and Exposures (CVE) number CVE-2023-42916 and was discovered by Clément Lecigne of Google’s Threat Analysis Group.

The flaw being fixed allowed attackers to read memory beyond the buffer, allowing them to see sensitive and personal information. And we’re talking about the kind of information that could lead to the deletion of the user’s bank account or unauthorized use of their credit cards. Apple says the out-of-bounds read has been addressed with improved input validation.

The second vulnerability is tracked as CVE-2023-42917 and was also discovered by Clément Lecigne of Google’s Threat Analysis Group. With this flaw, processing of web content could lead to arbitrary code execution, allowing an attacker to execute any command or code and possibly steal personal information.

And like the first CVE, this is the kind of information that could reveal certain passwords or give other information that allows an attacker to access your bank account or use your credit cards to buy things which can be quickly converted into cash. The bad news is that, according to Apple, this vulnerability has also been exploited on versions of iOS before iOS 16.7.1. Apple said the memory corruption vulnerability was fixed with enhanced locking.

To install the update, go to Settings > General > Software Update.