APPLE RELEASED IOS 17.2 TO ADDRESS A DOZEN SECURITY FLAWS

Apple has released iOS 17.2 and iPadOS 17.2, with fixes for twelve security vulnerabilities.

Among these, the most critical is a memory corruption issue located within ImageIO, which, if successfully exploited, could result in arbitrary code execution. To counter this flaw, the IT giant has taken steps to enhance memory handling.


A significant vulnerability, CVE-2023-45866, has emerged in Bluetooth, classified as critical due to its potential to enable an attacker in a privileged network position to inject keystrokes by mimicking a keyboard.

SkySafe security researcher Marc Newlin brought this vulnerability to light last week. The iPhone maker has promptly addressed the issue in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2, implementing enhanced checks for increased security.


Apple has also rolled out Safari 17.2, featuring resolutions for two WebKit vulnerabilities—CVE-2023-42890 and CVE-2023-42883—capable of triggering arbitrary code execution and a denial-of-service (DoS) situation. This update is accessible for Macs running macOS Monterey and macOS Ventura.

In addition to fixing a Siri vulnerability that could potentially allow an adversary with physical access to obtain sensitive data, iOS 17.2 and iPadOS 17.2 introduce a security enhancement called Contact Key Verification. This feature safeguards the privacy of iMessage conversations by empowering users to verify the contacts they are communicating with.

“In October 2023, Apple highlighted that iMessage Contact Key Verification represents an advancement in Key Transparency deployments. It enables user devices to independently verify consistency proofs, ensuring the uniformity of the Key Transparency (KT) system across all devices associated with an account.

These enhancements serve as a protective measure against potential compromises of the key directory and the transparency service itself. Furthermore, they are designed to detect split views presented by both services, bolstering the overall security of the system,” explained Apple in a technical document.

The vulnerabilities in question have been addressed in both tvOS 17.2 and watchOS 10.2. Currently, no further details are available regarding the specifics of the exploitation or information about the threat actors potentially leveraging these vulnerabilities.

About the Author:

FirstHackersNews- Identifies Security
