Apple finally reveals the serious security issues it patched in iOS 17.4.1

Apple finally reveals the serious security issues it patched in iOS 17.4.1،

Remember when Apple released iOS 17.4.1 and iPadOS 17.4.1? Yes of course ; after all, Apple released the update just four days ago, on March 21. At the time of the release of iOS 17.4.1 and iPadOS 17.4.1, Apple kept quiet about the security issues addressed by the update. On its support page, Apple did not include the CVE or Common Vulnerabilities and Exploitation numbers that are used to catalog vulnerabilities, and instead wrote: “Details coming soon.”

On the page announcing the iOS 17.4.1 and iPadOS 17.4.1, Apple has hinted that the updates should be installed as soon as possible. Apple wrote the same thing about each version of the operating system: “This update provides important bug fixes and security updates and is recommended for all users.” Today Apple updated its Security Releases Support Page to include flaws that Apple had to fix but previously failed to mention. A patch fixed a flaw in CoreMedia, the media framework that Apple uses on its devices, including the iPhone.

This flaw affected users of these devices: iPhone later, iPad 6th generation and later, and iPad mini 5th generation and later. Someone with one of the aforementioned devices and tapping on a malicious image could have given an attacker the ability to execute commands or codes on the target device. The update, once installed, removes this vulnerability from affected devices.

Apple updates its Security Releases support page to reveal flaws fixed by iOS 17.4.1 and iPadOS 17.4.1

Apple did not say there were any indications the vulnerability had been exploited. The simple description given by Apple read: “An out-of-bounds write issue has been resolved with improved input validation.” Given the listing number CVE-2024-1580, the flaw was discovered by Nick Galloway of Google Project Zero.

The second vulnerability was a flaw in the system Apple calls WebRTC, which provides “real-time communication for web browsers and mobile applications through application programming interfaces.” This flaw also impacted the same devices that we will happily repeat: iPhone XS and later, iPad Pro 12.9 inch 2nd generation and later, iPad Pro 10.5 inch, iPad Pro 11 inch 1st generation and later, iPad Air 3rd generation and later. , iPad 6th generation and later, and iPad mini 5th generation and later.

This vulnerability, which is also not exploited by any attacker that Apple is aware of, would also have allowed an attacker to execute commands or codes on a targeted device. The flaw was assigned the CVE number CVE-2024-1580 and was also discovered by Nick Galloway of Google Project Zero.

If you have not installed iOS 17.4.1, go to Settings > General > Software update and follow the directions.