About the security content of iPadOS 17.7.3 – Apple Support

December 11, 2024 at 01:33PM

Apple’s iPadOS 17.7.3 update, released on December 11, 2024, addresses multiple vulnerabilities (CVE-2024-44201, CVE-2024-54486, among others) affecting iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad 6th gen. Issues include memory disclosure, kernel state leakage, denial of service, and unexpected crashes.

### Meeting Notes Summary

**Apple ID**: 121838
**Release Date**: 2024-12-11
**Affected Product**: iPadOS 17.7.3

#### Security Updates & Vulnerabilities:

1. **CVE-2024-54486**
    - **Description**: Improved checks implemented.
    - **Impact**: Processing a maliciously crafted font may disclose process memory.

2. **CVE-2024-54500 / CVE-2024-54494 / CVE-2024-54510**
    - **Description**: Improved locking to address a race condition.
    - **Impact**: An app may leak sensitive kernel state.

3. **CVE-2024-44245**
    - **Description**: Improved memory handling.
    - **Impact**: An app might cause unexpected system termination or kernel memory corruption.

4. **CVE-2024-44201**
    - **Description**: Improved memory handling.
    - **Impact**: Processing a maliciously crafted file may lead to denial-of-service.

5. **CVE-2024-45490**
    - **Description**: Vulnerability in open-source code affecting Apple Software.
    - **Impact**: A remote attacker may cause unexpected app termination or arbitrary code execution.

6. **CVE-2024-44225**
    - **Description**: Improved checks for a logic issue.
    - **Impact**: An app may gain elevated privileges.

7. **CVE-2024-54492**
    - **Description**: Addressed using HTTPS for network information transmission.
    - **Impact**: An attacker in a privileged network can alter network traffic.

8. **CVE-2024-44246**
    - **Description**: Improved routing for Safari-originated requests.
    - **Impact**: May reveal the originating IP address when adding a website to Safari Reading List with Private Relay enabled.

9. **CVE-2024-54501**
    - **Description**: Improved checks implemented.
    - **Impact**: Processing a maliciously crafted file may lead to denial-of-service.

10. **CVE-2024-54485 / CVE-2024-54479**
    - **Description**: Improved checks.
    - **Impact**: Processing maliciously crafted web content may cause unexpected process crashes.

11. **CVE-2024-54505**
    - **Description**: Improved memory handling for a type confusion issue.
    - **Impact**: Processing maliciously crafted web content may lead to memory corruption.

**Update Availability**:
- Update is available for:
    - iPad Pro 12.9-inch (2nd generation)
    - iPad Pro 10.5-inch
    - iPad (6th generation)

### Next Steps:
- Ensure the updates for the mentioned vulnerabilities are applied to the affected devices by the release date.
- Monitor any further developments related to the CVE entries listed.
