Apple warns to upgrade to iOS 17.1.2 fixing two major zero-day vulnerabilities

Apple released iOS 17.1.2 and iPadOS 17.1.2 on Thursday with fixes for a few recently discovered zero-day vulnerabilities. Both zero-day vulnerabilities were related to the WebKit browser engine affecting iPhone XS and later, iPad Pro 10.5″ and 11″ 1st generation and later, iPad Air 3rd generation and later , the 12.9″ iPad Pro 2nd generation, as well as iPad 6th generation and later, and finally, iPad mini 5e and later.

According to reports, the first vulnerability, if exploited, would have allowed attackers to find sensitive information when the device processes web content. Identified as CVE-2023-4291, the vulnerability was discovered by Clément Lecigne of the Threat Analysis Group at Google. The Cupertino-based giant is aware of the issue affecting iOS 16.7.1 and earlier.

The report adds that the flaw would allow attackers to read beyond the buffer, potentially exposing sensitive information such as bank account and credit card details.

The second of the vulnerabilities identified as CVE-2023-42917 concerns web content processing where arbitrary code execution would allow attackers to execute code or commands that could steal personal information. Unfortunately, some users may have already experienced these vulnerabilities on iPhones and iPads running iOS 16.7.1 and others.

In any case, iOS 17.2 and iPadOS 17.2 managed to fix these issues. You can check the OTA update via Settings >> General >> Software Update.

You can follow Smartprix on Twitter, Facebook, Instagram and Google News. Visit smartprix.com for the latest news, reviews and technical guides.