Great Moto G Stylus deal on Amazon!
PhoneArena unveils the ultimate collector’s book for phone enthusiasts
PhoneArena unveils the ultimate collector’s book for phone enthusiasts

Apple releases iOS 17.1.2, iPadOS 17.1.2 to patch two serious Zero-day vulnerabilities

By
5comments
iOS Apple Tablets Software updates
Apple releases iOS 17.1.2, iPadOS 17.1.2 to patch two serious Zero-day vulnerabilities
Apple today released iOS 17.1.2, and iPadOS 17.1.2 to patch a pair of zero-day vulnerabilities that have already been exploited according to Apple. A Zero-day vulnerability is one that developers did not know about and can be exploited until mitigated. Both of the flaws found on iOS 17.1.2 deal with the WebKit browser engine on the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

The first vulnerability might lead to sensitive information being disclosed while web content is being processed. Apple says that it is aware of a report stating that the vulnerability was exploited on versions of iOS before iOS 16.7.1. The issue was given a Common Vulnerabilities and Exposures (CVE) number of  CVE-2023-42916 and was discovered by Clément Lecigne of Google's Threat Analysis Group.

Apple releases iOS 17.1.2 to patch two zero-day vulnerabilities - Apple releases iOS 17.1.2, iPadOS 17.1.2 to patch two serious Zero-day vulnerabilities
Apple releases iOS 17.1.2 to patch two zero-day vulnerabilities

The flaw being patched allowed the attackers to read memory beyond the buffer allowing them to see sensitive and personal information. And we're talking about the kind of information that could lead to the emptying of the user's bank account or unauthorized use of the user's credit cards. Apple says that the out-of-bounds read was addressed with improved input validation. 

The CVE number for this second vulnerability is CVE-2023-42917 and was also discovered by Clément Lecigne of Google's Threat Analysis Group. With this flaw, processing web content could lead to an arbitrary code execution allowing an attacker to run any commands or code and again, possibly stealing personal information. 

And like the first CVE, this is the kind of information that could reveal certain passwords or give up other information allowing an attacker to get into your bank account or use your credit cards to purchase things that can be quickly converted to cash. The bad news here is that this vulnerability was also exploited, according to Apple, before iOS 16.7.1. Apple said that the memory corruption vulnerability was addressed with improved locking.

To install the update go to Settings > General > Software Update.
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Featured Stories

Weekly deals roundup: Galaxy Tab S6 Lite (2024), Pixel phones, and more promos to splurge on
Weekly deals roundup: Galaxy Tab S6 Lite (2024), Pixel phones, and more promos to splurge on
Leaked iPhone 16 vs iPhone 15 image reveals another thing that has changed between the models
Leaked iPhone 16 vs iPhone 15 image reveals another thing that has changed between the models
You can no longer get a decent phone for less than $500
You can no longer get a decent phone for less than $500
Apple's shares blast off after record stock buyback is announced
Apple's shares blast off after record stock buyback is announced
Loading Comments...

Latest News

The way you handle your iPhone apps could be hurting battery life and performance
The way you handle your iPhone apps could be hurting battery life and performance
HTC could launch another mid-range smartphone this summer
HTC could launch another mid-range smartphone this summer
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
Apple removes three apps from App Store that claimed in ads they could create AI porn
Apple removes three apps from App Store that claimed in ads they could create AI porn
FCC OKs Cingular\'s purchase of AT&T Wireless