About the security content of iOS 16.7.9 and iPadOS 16.7.9 – Apple Support

October 15, 2024 at 02:09PM

Apple’s iOS 16.7.9 and iPadOS 16.7.9 address multiple vulnerabilities, including out-of-bounds reads, integer overflows, privacy issues, and cross-site scripting risks. Affected devices include iPhone 8, 8 Plus, X, and various iPad models. Updates are available to enhance security and prevent potential exploits from malicious content.

### Meeting Takeaways

**Release Information:**
- **Apple ID:** 120908
- **Release Date:** July 29, 2024

**Security Updates for iOS 16.7.9 and iPadOS 16.7.9:**

1. **Out-of-Bounds Read Issues:**
   - **CVE-2024-40799, CVE-2024-27873, CVE-2023-6277, CVE-2023-52356, CVE-2024-40806**
   - **Impact:** Processing a maliciously crafted file may lead to unexpected app termination.
   - **Affected Devices:** iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th Generation, iPad Pro (9.7-inch and 12.9-inch 1st Generation).

2. **Integer Overflow:**
   - **CVE-2024-40784**
   - **Impact:** Processing a maliciously crafted file may lead to unexpected app termination.

3. **Type Confusion Issue:**
   - **CVE-2024-40788**
   - **Impact:** A local attacker may be able to cause unexpected system shutdown.

4. **Privacy Issue:**
   - **CVE-2024-40796**
   - **Impact:** Private browsing may leak some browsing history.

5. **Authentication Issue:**
   - **CVE-2024-40778**
   - **Impact:** Photos in the Hidden Photos Album may be viewed without authentication.

6. **Cross-Site Scripting Attacks:**
   - **CVE-2024-40809, CVE-2024-40812, CVE-2024-40818, CVE-2024-40786**
   - **Impact:** Processing maliciously crafted web content may lead to a cross-site scripting attack.

7. **Sensitive Information Exposure:**
   - **CVE-2024-40822**
   - **Impact:** An attacker may be able to view sensitive user information.

8. **Locked Device Access:**
   - **CVE-2024-40822**
   - **Impact:** An attacker with physical access may be able to access contacts from the lock screen.

9. **Unintended Process Crashes:**
   - **CVE-2024-40829, CVE-2024-40789, CVE-2024-40776, CVE-2024-40782, CVE-2024-40779, CVE-2024-40780**
   - **Impact:** Processing maliciously crafted web content may lead to unexpected process crashes.

**General Note:**
- All security updates apply to iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th Generation, iPad Pro (9.7-inch and 12.9-inch 1st Generation).
- Users are advised to install these updates to mitigate potential security vulnerabilities.
