Great Moto G Stylus deal on Amazon!

Apple finally reveals the serious security issues it patched in iOS 17.4.1

By
1comment
iOS Apple Software updates
Apple finally reveals the serious security issues it patched in iOS 17.4.1
Remember when Apple released iOS 17.4.1 and iPadOS 17.4.1? Sure you do; after all, Apple released the update just four days ago on March 21st. At the time that iOS 17.4.1 and iPadOS 17.4.1 were released, Apple kept mum about the security issues being fixed by the update. On its support page, Apple didn't include the CVE or Common Vulnerabilities and Exploitation numbers that are used to catalog flaws, and instead, it wrote, "Details coming soon." 

On the page announcing the iOS 17.4.1 and iPadOS 17.4.1 updates, Apple hinted that the updates should be installed as soon as possible. Apple wrote the same thing about each OS release, "This update provides important bug fixes and security updates and is recommended for all users." Today, Apple updated its Security Releases support page to include the flaws that Apple had to patch but previously failed to mention. One patch took care of a flaw in CoreMedia, the media framework that Apple uses on its devices including the iPhone.

This flaw affected users of these devices: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. Someone with one of the aforementioned devices tapping on a malicious image could have given an attacker the opportunity to run any commands or codes on the target device. The update, once installed, removes this vulnerability from the affected devices.

Recommended Stories
Apple updates its Security Releases support page to reveal the flaws fixed by iOS 17.4.1 and iPadOS 17.4.1 - Apple finally reveals the serious security issues it patched in iOS 17.4.1
Apple updates its Security Releases support page to reveal the flaws fixed by iOS 17.4.1 and iPadOS 17.4.1

Apple didn't say that it had any indication that the vulnerability was exploited. The simple description given by Apple read like this: "An out-of-bounds write issue was addressed with improved input validation." Given the CVE-2024-1580 listing number, the flaw was discovered by Google Project Zero's Nick Galloway.

The second vulnerability was a flaw in the system Apple calls WebRTC which provides "web browsers and mobile applications with real-time communication via application programming interfaces." This flaw also impacted the same devices which we will gladly repeat: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

This vulnerability, also not exploited by any attackers as far as Apple could tell, also would have allowed an attacker to run any commands or codes on a targeted device. The flaw was assigned CVE number CVE-2024-1580 and was also discovered by Nick Galloway of Google Project Zero

If you haven't installed iOS 17.4.1 yet, go to Settings > General > Software Update and follow the directions.
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'

Latest News

Grab the OnePlus Pad at its lowest price through this sweet deal
Grab the OnePlus Pad at its lowest price through this sweet deal
TikTok might shut down for real, as the owner apparently rejects selling the app
TikTok might shut down for real, as the owner apparently rejects selling the app
The small but capable Bose SoundLink Flex drops to its best price at Best Buy
The small but capable Bose SoundLink Flex drops to its best price at Best Buy
Patent shows the Galaxy Z Flip 7 may come with three cameras
Patent shows the Galaxy Z Flip 7 may come with three cameras
Is Apple going to take over your home with a Google-powered robot?
Is Apple going to take over your home with a Google-powered robot?
Introducing PhoneArena Battery Score: an easier way to learn about battery life on your phone
Introducing PhoneArena Battery Score: an easier way to learn about battery life on your phone
FCC OKs Cingular\'s purchase of AT&T Wireless