Yoodley is reader-supported. When you buy through links on our site, we may earn an affiliate commission.

Apple has rolled out new updates for iPhone users. In total, the Cupertino giant released three updates on Thursday, starting with iOS 16.7. However, the company followed it with iOS 17.0.1 which addressed the same issues, albeit its coverage of the iPhone model list is different. On the other hand, all iPhone 15 models will be getting the iOS 17.0.2 update.

The company detailed the three flaws in the update involving kernel, security, and WebKit, which were given the CVE labels CVE-2023-41992, CVE-2023-41991, and CVE-2023-41993, respectively. The iOS 16.7 fix covered iPhone 8 and later models, but Apple made a follow-up update for the same issues for iPhone XS and later models via iOS 17.0.1.

On the other hand, Apple is releasing iOS 17.0.2 for all iPhone 15 models. There are still no CVE details about it, but we will update this article once more information surfaces.

Meanwhile, here are the flaw details in iOS 17.0.1, which were all first addressed in iOS 16.7:

Kernel

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

Security

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: A certificate validation issue was addressed.

CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 261544

CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

LEAVE A REPLY

Please enter your comment!
Please enter your name here