About the security content of iOS 17.7.1 and iPadOS 17.7.1 – Apple Support

About the security content of iOS 17.7.1 and iPadOS 17.7.1 - Apple Support

October 28, 2024 at 12:00PM

An update for iOS 17.7.1 and iPadOS 17.7.1 addresses multiple vulnerabilities affecting various iPhone and iPad models. Issues include improved authentication, checks against unauthorized data access, and prevention of sensitive information disclosure and denial of service. Users are encouraged to update their devices. Release date: October 28, 2024.

### Meeting Takeaways

**Release Details:**
– **Apple ID:** 121567
– **Release Date:** October 28, 2024
– **Affected Products:** iOS 17.7.1 and iPadOS 17.7.1, compatible with:
– iPhone XS and later
– iPad Pro 12.9-inch (2nd generation and later)
– iPad Pro 10.5-inch
– iPad Pro 11-inch (1st generation and later)
– iPad Air (3rd generation and later)
– iPad (6th generation and later)
– iPad mini (5th generation and later)

**Security Vulnerabilities Addressed:**
1. **CVE-2024-44274**
– **Description:** Improved authentication to address physical access vulnerabilities.
– **Impact:** Possible viewing of sensitive user information by an attacker with device access.

2. **CVE-2024-44240, CVE-2024-44302**
– **Description:** Improved checks for maliciously crafted fonts.
– **Impact:** Potential disclosure of process memory.

3. **CVE-2024-44282, CVE-2024-44215**
– **Description:** Addressed issues with image processing and checks.
– **Impact:** Disclosure of process memory.

4. **CVE-2024-44297**
– **Description:** Improved bounds checks.
– **Impact:** Denial-of-service caused by malicious messages.

5. **CVE-2024-44239**
– **Description:** Enhanced private data redaction in logs.
– **Impact:** Potential leakage of sensitive kernel state by applications.

6. **CVE-2024-44258, CVE-2024-44252**
– **Description:** Improved handling of symlinks and file handling.
– **Impact:** Possible modification of protected system files during backup restoration.

7. **CVE-2024-44155**
– **Description:** Improved input validation for custom URL schemes.
– **Impact:** Violations of iframe sandboxing policy by malicious web content.

8. **CVE-2024-44259, CVE-2024-44144**
– **Description:** Addressed buffer overflow issues with improved size validation.
– **Impact:** Unexpected app termination when processing malicious files.

9. **CVE-2024-44218**
– **Description:** Improved checks for file processing issues.
– **Impact:** Potential for heap corruption from malicious file handling.

10. **CVE-2024-44269**
– **Description:** Enhanced checks to prevent malicious apps from accessing restricted files.
– **Impact:** Possible unauthorized access to restricted content.

11. **CVE-2024-44278**
– **Description:** Improved private data redaction in logs for sandboxed apps.
– **Impact:** Risk of accessing sensitive user data from system logs.

12. **CVE-2024-44261**
– **Description:** Restricted options on locked devices.
– **Impact:** Prevention of unauthorized viewing of restricted content from the lock screen.

13. **CVE-2024-44296**
– **Description:** Improved checks to enforce Content Security Policy.
– **Impact:** Mitigation of issues caused by malicious web content.

### Conclusion
This meeting highlighted critical security updates for iOS 17.7.1 and iPadOS 17.7.1, some of which involve addressing vulnerabilities that could affect user data protection and system integrity. All users of the affected devices are encouraged to update to the latest version promptly.

Full Article