[German]Apple has released updates to iOS 17.0.1, iPadOS 17.0.1, watchOS 10.0.1 and macOS as of September 21, 2023. These are unscheduled security updates that were due shortly after the release of iOS/iPadOS 17 and watchOS 10 and are intended to fix three serious 0-day vulnerabilities.
Advertising
The vulnerabilities
According to this security advisory (available via this page) from Apple, three vulnerabilities in the kernel, webkit and security functions (certificate validation) have been found and closed. The colleagues from Bleeping Computer have published an article with an overview of the affected products. Here is an overview of the vulnerabilities and affected Apple operating systems:
- CVE-2023-41992: A local attacker may be able to extend their privileges. Apple is aware of a report that this issue can be actively exploited for iOS versions prior to iOS 16.7. The vulnerability is closed in the following operating systems: iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1
- CVE-2023-41991: A certificate validation issue has been fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app could bypass signature validation. Apple is aware of a report that this issue can be actively exploited for iOS versions prior to iOS 16.7.
- CVE-2023-41993: Fixed a validation issue in WebKit in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Web content processing could lead to the execution of arbitrary code. Apple is aware of a report that this issue can be actively exploited against iOS versions prior to iOS 16.7.
This Apple site lists the device models for which the respective operating system emergency updates are provided. It also tells us that iOS 17.0.2 has already been released for the iPhone 15 – but there are no details yet. Furthermore, various macOS versions have also received emergency updates to fix the above vulnerabilities.
