Apple has released iOS 17.1.2 and iPadOS 17.1.2 to fix a pair of zero-day vulnerabilities that have been exploited. Zero-day vulnerabilities are those that developers do not know about and can be exploited until mitigated. Both of the flaws found on iOS 17.1.2 deal with the WebKit browser engine on certain iPhone and iPad models.
The first vulnerability could lead to the disclosure of sensitive information while web content is being processed. This issue was given a Common Vulnerabilities and Exposures (CVE) number of CVE-2023-42916 and was found by Clément Lecigne of Google’s Threat Analysis Group.
The second vulnerability could allow an attacker to run any commands or code, possibly leading to the theft of personal information. This issue has a CVE number of CVE-2023-42917 and was also discovered by Clément Lecigne.
According to Apple, both vulnerabilities were exploited before iOS 16.7.1. To install the update, go to Settings > General > Software Update.