Apple patched several security vulnerabilities in iOS 17.1 and the rest


The latest security patches in iOS 17.1, iPadOS 17.1, macOS Sonoma 14.1 and the other operating system updates cover a range of potential exploits and vulnerabilities.

iOS 17.1 has several security patches



Apple has shared the security patch notes for its latest updates, and the list is extensive. Big point releases like iOS 17.1 generally have a lot of patches, but the number is somewhat surprising given that iOS 17 had already received several smaller updates before this point release.

The iOS 17.1, iPadOS 17.1, watchOS 10.1, tvOS 17.1, and macOS Sonoma 14.1 updates arrived on October 25. Apple's security patch notes show that multiple vulnerabilities existed across several operating systems.

Security releases



There are a significant number of patches across every operating system, so we won't be listing everything here. Instead, here are some patches shared across multiple operating systems.

Contacts


  • OS impacted: iOS, iPadOS, macOS

  • Description: An app may be able to cause a denial-of-service, which was addressed with improved memory handling.

  • CVE-2023-41072 and CVE-2023-42857

CoreAnimation


  • OS impacted: iOS, iPadOS, macOS

  • Description: An app may be able to cause a denial-of-service, which was addressed with improved memory handling.

  • CVE-2023-40449

Find My


  • OS impacted: iOS, iPadOS, macOS, watchOS

  • Description: An app may be able to read sensitive location information, which was addressed with improved handling of caches.

  • CVE-2023-40413

ImageIO


  • OS impacted: iOS, iPadOS, macOS

  • Description: Processing an image may result in disclosure of process memory, which was addressed with improved memory handling.

  • CVE-2023-40416

IOTextEncryptionFamily


  • OS impacted: iOS, iPadOS, macOS

  • Description: An app may be able to execute arbitrary code with kernel privileges, which was addressed with improved memory handling.

  • CVE-2023-40423

Kernel


  • OS impacted: iOS, iPadOS, macOS, watchOS

  • Description: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations, which was addressed with improved memory handling.

  • CVE-2023-42849

mDNSResponder


  • OS impacted: iOS, iPadOS, tvOS, watchOS

  • Description: A device may be passively tracked by its Wi-Fi MAC address, which was addressed by removing the vulnerable code.

  • CVE-2023-42846

Passkeys


  • OS impacted: iOS, iPadOS, macOS

  • Description: An attacker may be able to access passkeys without authentication, a logic issue that was addressed with improved checks.

  • CVE-2023-42847

Photos


  • OS impacted: iOS, iPadOS, macOS

  • Description: Photos in the Hidden Photos Album may be viewed without authentication, which was addressed with improved state management.

  • CVE-2023-42845

Siri


  • OS impacted: iOS, iPadOS, macOS, watchOS

  • Description: An attacker with physical access may be able to use Siri to access sensitive user data, which was addressed by restricting options offered on a locked device.

  • CVE-2023-41982, CVE-2023-41997, CVE-2023-41988



Other issues included WebKit vulnerabilities that could lead to arbitrary code execution, a Weather bug that could give an app access to sensitive data, and a status bar issue that caused devices to fail to lock. The iOS 17.1 and iPadOS 17.1 page alone had eighteen fixes.

The full list of Apple security updates and details can be found on Apple's security releases website.
