Apple Releases iOS 17.0.1 and iPadOS 17.0.1 Security Updates
Apple says it has received reports about three vulnerabilities on iOS and iPadOS that might have been exploited in previous versions of the operating systems. As a result, the company has released iOS 17.0.1 and iPadOS 17.0.1. Devices receiving the update include the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and the iPad mini 5th generation and later.
Update for Apple Watch
An update, watchOS 10.0.1, has also been released for the Apple Watch and security experts are advising users of the aforementioned Apple devices to download and install the updates as soon as possible. To get these security updates, go to Settings > General > Software Updates. Make sure that you have the iOS 17 Beta setting turned off under the Automatic Updates listing at the top of the Software Updates page.
Kernel Vulnerability Update
One of the updates is for the Kernel, which is the computer program that controls everything in the operating system. This flaw can allow a local attacker to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Apple fixed the issue with improved checks. It is listed as CVE 2023-41992 and was reported by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
The CVE, or Common Vulnerabilities and Exposures numbers, are used to catalog, identify, and share publicly disclosed cybersecurity issues.
Security Problem Update
The second update addresses a Security problem that could allow a malicious app to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. A certificate validation issue was addressed to fix the flaw which was discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group and was listed as CVE-2023-41991.
Install the iOS 17.0.1 phone on your iPhone for security reasons
WebKit Browser Engine Update
The last update is for the WebKit browser engine. Processing web content could lead an attacker to run any command or code on a targeted device. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Apple addressed the flaw with improved checks putting an end to CVE-2023-41993. Thanks to Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group for finding the flaw.
Apple also released watchOS 10.0.1 for compatible Apple Watch models
Apple Watch has the same Kernel and Security flaws which is why you should install watchOS 10.0.1 by going to the Watch app on your iPhone and tapping General > Software Updates. Tap on Download and Install and make sure that your Apple Watch is on the charger and in range of your iPhone (connected to Wi-Fi). The watch has to be at least 50% charged to receive the update. Do not restart or remove the watch from the charger until the update is completed.
