December 11, 2023 at 05:30PM
Apple released iOS and iPadOS 17.2 with security fixes for 11 vulnerabilities, including memory corruption in ImageIO and code execution flaw in WebKit. The update also addresses privacy and information disclosure issues, as well as previously documented zero-day exploits. Additionally, iOS 16.7.3 and iPadOS 16.7.3 provide security patches for older devices.
From the meeting notes, it is clear that Apple has rolled out security-themed iOS and iPadOS refreshes to address multiple serious vulnerabilities that expose mobile users to malicious hacker attacks.
The newest iOS 17.2 and iPadOS 17.2 contain fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes. The security response team from Cupertino has advised that the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution when certain images are processed.
Furthermore, the iOS 17.2 rollout also addresses a code execution flaw in the WebKit rendering engine and a memory safety issue that allows apps to break out of the device sandbox.
Additionally, the company has fixed a privacy issue in Accounts, an information disclosure issue in AVEVideoEncoder, an Extension Kit that allows access to sensitive user data, and a Siri flaw that allows an attacker with physical access to use the voice bot to access sensitive user data.
In addition, Apple has rolled out iOS 16.7.3 and iPadOS 16.7.3 to provide a batch of security fixes to devices running older versions of the operating system. These updates also include fixes for previously documented WebKit zero-days caught via in-the-wild exploitation.