Apple releases iOS 17.2, patches multiple critical flaws
Take action: If you are using Apple devices, another update effort. Be agile about the WebKit fixes, because the vulnerable application is your browser. All it takes is a properly malicious website for you to get hacked.
Learn More
Apple released security updates across its product line, including iOS, iPadOS, macOS, TVOS, watchOS, and Safari. This includes rectifying two zero-day vulnerabilities discovered in older models. The updates target a range of issues, with iOS and iPadOS addressing 12 vulnerabilities in various components like AVEVideoEncoder, ExtensionKit, and others. macOS Sonoma 14.2 resolves 39 issues, including six affecting the ncurses library.
Key Security Enhancements
- CVE-2023-45866, a severe Bluetooth flaw that could allow keystroke injection by a malicious keyboard. This issue, revealed by researcher Marc Newlin, was quickly fixed in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2.
- Safari 17.2, designed for macOS Monterey and Ventura, rectifies two WebKit flaws (CVE-2023-42890 and CVE-2023-42883) that posed risks of arbitrary code execution and denial-of-service.
Innovative Security Measures in iOS and iPadOS
iOS 17.2 and iPadOS 17.2, apart from addressing vulnerabilities, introduce the Contact Key Verification feature in iMessage. This tool enhances messaging security, particularly for individuals facing significant digital threats, like journalists and government officials. It includes consistency proofs and cross-device consistency checks to protect against key directory and transparency service compromises.
Updates for Older Apple Devices
To address security concerns on older devices, Apple released iOS 16.7.3 and iPadOS 16.7.3.
