"Apple Ships iOS 17.2 With Urgent Security Patches"

Apple recently rolled out security-themed iOS and iPadOS refreshes to address multiple serious vulnerabilities that expose mobile users to malicious hacker attacks.  According to Apple, the newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes.  In an advisory from Cupertino’s security response team, it was noted that the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution when certain images are processed.  The iOS 17.2 rollout also addresses a code execution flaw in the WebKit rendering engine and a memory safety issue that allows apps to break out of the device sandbox.  Apple also fixed a privacy issue in Accounts, an information disclosure issue in AVEVideoEncoder, an Extension Kit that allows access to sensitive user data, and a Siri flaw that allows an attacker with physical access to use the voice bot to access sensitive user data.  Apple also recently rolled out iOS 16.7.3 and iPadOS 16.7.3 to provide a batch of security fixes to devices running older versions of the operating system.  Those updates also include fixes for previously documented WebKit zero-days caught via in-the-wild exploitation.

 

SecurityWeek reports: "Apple Ships iOS 17.2 With Urgent Security Patches"

Submitted by Adam Ekwall on