However it would be “extremely difficult” to successfully perform the attack, he says. “Attackers would need to try to get the victim to install a malicious application or exploit a previous vulnerability that has not been patched.”

Apple’s iOS 17.4 also fixes an issue in Accessibility that could enable an app to read sensitive location information. Meanwhile, a flaw in Safari Private Browsing could cause a user's locked tabs to be briefly visible while switching tab groups.

Other iPhone Updates

Alongside iOS 17.4 and iOS 16.7.6, Apple has also released iOS 15.8.2 and iPadOS 15.8.2 for the iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

The iOS 15.8.2 update doesn’t include any CVE entries; in other words, there are no security fixes included. Instead, the update for older iPhones probably contains bug fixes, so it’s worth prioritizing if you have an older iPhone.

However, it’s also worth bearing in mind that if your iPhone can run iOS 17, you need to upgrade to the latest software version, iOS 17.4. Apple no longer supports iOS 16 for devices later than the iPhone X, so if you don’t upgrade, you are leaving yourself open to attack.

Update: Apple Security Fixes In Detail, Patches More Devices

On March 7, Apple released more details about the security issues fixed in iOS 17.4, as well as updates for its other devices.

In addition to the three issues Apple originally detailed as patched in iOS 17.4, the iPhone maker has listed nearly 40 fixes on its security page. It might sound like a large number, but it’s normal for a big point upgrade such as iOS 17.4. It’s not clear why these weren’t listed in the initial iOS 17.4 release, but it’s obvious that Apple highlighted the already-exploited flaws to let people know about the urgency of the upgrade.

As part of its iOS 17.4 patch list, Apple fixed a whopping six flaws in WebKit, the engine that underpins the Safari browser. Of these, one issue tracked as CVE-2024-23226 could result in arbitrary code execution via processing malicious web content. CVE-2024-23284 and CVE-2024-23263 could prevent Content Security Policy from being enforced via processing malicious web content.

An additional two flaws in the iPhone kernel were fixed in iOS 17.4. The first could see an app be able to access user-sensitive data, while the second could enable an app to cause unexpected system termination or write kernel memory.

A serious issue in libxpc could see an app able to break out of its sandbox, while a second flaw could enable it to execute arbitrary code out of its sandbox or with certain elevated privileges.