Apple suggests you install ASAP iOS, iPadOS 17.0.1 and watchOS 10.0.1 for security reasons

Apple says it has received reports about three vulnerabilities on iOS and iPadOS that might have been exploited in previous versions of the operating systems. As a result, the company has released iOS 17.0.1 and iPadOS 17.0.1. Devices receiving the update include the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and the iPad mini 5th generation and later.

An update, watchOS 10.0.1, has also been released for the Apple Watch and security experts are advising users of the aforementioned Apple devices to download and install the updates as soon as possible. To get these security updates, go to Settings > General > Software Updates. Make sure that you have the iOS 17 Beta setting turned off under the Automatic Updates listing at the top of the Software Updates page.

One of the updates is for the Kernel, which is the computer program that controls everything in the operating system. This flaw can allow a local attacker to elevate their privileges. As we noted, Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Apple fixed the issue with improved checks. It is listed as CVE 2023-41992 and was reported by Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group.

The CVE, or Common Vulnerabilities and Exposures numbers, are used to catalog, identify, and share publicly disclosed cybersecurity issues.

The second update addresses a Security problem that could allow a malicious app to bypass signature validation. Once again, Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. A certificate validation issue was addressed to fix the flaw which was discovered again by Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group and was listed as CVE-2023-41991.

The last update is for the WebKit browser engine. Processing web content could lead an attacker to run any command or code or a targeted device. As with the other two vulnerabilities, "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7." Apple addressed the flaw with improved checks putting an end to CVE-2023-41993. Again, we can thank Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group for finding the flaw.

Apple Watch has the same Kernel and Security flaws which is why you should install watchOS 10.0.1 by going to the Watch app on your iPhone and tapping General > Software Updates. Tap on Download and Install and make sure that your Apple Watch is on the charger and in range of your iPhone (connected to Wi-Fi). The watch has to be at least 50% charged to receive the update. Do not restart or remove the watch from the charger until the update is completed.