Shortly after releasing iOS 17, Apple has followed up with iOS 17.0.1, which includes three important security patches. Apple has noted that all three vulnerabilities addressed in this update were actively exploited.
After rolling out iOS 17.0.1 and iPadOS 17.0.1, as well as watchOS 10.0.1, Apple posted detailed information about the vulnerabilities on its security page.
3 actively exploited flaws patched
The vulnerabilities include a kernel flaw, a signature validation bypass, and a WebKit vulnerability that allowed for arbitrary code execution.
Apple has stated that all three vulnerabilities were actively exploited in versions of iOS before 16.7. The iOS 17.0.1 update implements “improved checks” to address these issues.
Updating to iOS 17.0.1 is recommended. Note, however, that iPhone 15/15 Pro users will need to install iOS 17.0.1 before restoring from a backup with this software.
Below are the CVE details for each fixed vulnerability:
Kernel
Devices affected: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A local attacker could potentially elevate their privileges. Apple has received reports of active exploitation of this issue on iOS versions prior to iOS 16.7.
Description: The issue has been resolved with enhanced checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
Security
Devices affected: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: Malicious apps could potentially bypass signature validation. Apple has received reports of active exploitation of this issue on iOS versions prior to iOS 16.7.
Description: A certificate validation issue has been addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
WebKit
Devices affected: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: Processing web content could lead to arbitrary code execution. Apple has received reports of active exploitation of this issue on iOS versions prior to iOS 16.7.
Description: The issue has been resolved with enhanced checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group