Michael Potuck
Sep 21 2023
Three days after launching iOS 17, Apple has issued iOS 17.0.1 with three
important security patches. Notably, Apple says it's aware all of the fixed
vulnerabilities were reported as being actively exploited.
Shortly after releasing iOS 17.0.1 along with iPadOS 17.0.1, watchOS 10.0.1,
and more with "important bug fixes and security updates," Apple shared the
vulnerability details on its security page.
3 actively exploited flaws fixed again
Apple says that each of the three flaws were first patched with iOS 16.7.
However, with two of them, iOS 17.0.1 brings "improved checks" while the
third saw "certificate validation issue" addressed to protect against the
previously discovered bugs.
One was a kernal flaw, another bypasses signature validation issue, and the
last was a WebKit vulnerability that allowed arbitrary code execution.
While it's best to update to the new release to get the improved security,
keep in mind you'll need to install iOS 17.0.1 on your iPhone 15/15 Pro
before restoring from a backup with this software.
Here are the CVE's for each fixed flaw:
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and
later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad
Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th
generation and later
Impact: A local attacker may be able to elevate their privileges. Apple is
aware of a report that this issue may have been actively exploited against
versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and
later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad
Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th
generation and later
Impact: A malicious app may be able to bypass signature validation. Apple is
aware of a report that this issue may have been actively exploited against
versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and
later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad
Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th
generation and later
Impact: Processing web content may lead to arbitrary code execution. Apple
is aware of a report that this issue may have been actively exploited
against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
9to5Mac.
