iOS 17.0.1 and iPadOS 17.0.1 are released with security updates that fix three zero-day vulnerabilities



Apple released iOS 17.0.1 and iPadOS 17.0.1 on September 21, 2023. Just a few days after

the official version of iOS 17 was released, the update includes several bug fixes as well as fixes for three zero-day vulnerabilities that were actually exploited to target politicians and journalists.

About the security content of iOS 17.0.1 and iPadOS 17.0.1 - Apple Support
https://support.apple.com/en-us/HT213926



Apple emergency updates fix 3 new zero-days exploited in attacks

https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/



Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

https://securityaffairs.com/151174/hacking/apple-zero-days.html

The three vulnerabilities that have been fixed are ' CVE-2023-41991 ', ' CVE-2023-41992 ', and ' CVE-2023-41993 '.

◆CVE-2023-41991
A vulnerability was found in the security framework that could allow an attacker to use a malicious app to bypass signature verification. The update fixes the certificate verification issue.

◆CVE-2023-41992
A vulnerability in the kernel framework could have allowed a local attacker to gain escalated privileges. This issue is fixed through improved checks.

◆CVE-2023-41993
A vulnerability in WebKit that could have allowed an attacker to execute arbitrary code by tricking a victim into visiting specially crafted web content has also been fixed with improved checks.



All three of these vulnerabilities may have been actively exploited against versions of iOS prior to iOS 16.7.

The update is compatible with iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

in Mobile,   Software,   Security, Posted by log1p_kr