Apple releases iOS 17.5 with new feature to detect and warn of unknown Bluetooth trackers
Apple has started distributing iOS 17.5 , the latest version of iOS, the operating system for iPhones. The data capacity is 1.05GB. iPadOS 17.5 has also been released at the same time.
About the security content of iOS 17.5 and iPadOS 17.5 - Apple Support
In the Settings app, tap General > Software Update, then tap Update Now to update to iOS 17.5. The data size of iOS 17.5 is 1.05GB.
Regarding iOS 17.5, Apple has warned that 'Some features may not be available depending on your region or Apple device.' The following two points are listed as the contents of this update:
Lock screen
- New Pride Radiance wallpaper added to your lock screen, celebrating the LGBTQ+ community and culture
Tracking Notifications
Cross-platform tracking detection will notify users if a Bluetooth tracker that does not belong to them is moving with them, regardless of the operating system the device is paired to.
The tracking notification feature added to iOS 17.5 is a feature that 'warns the user of the presence of unknown Bluetooth trackers that do not belong to the user if they are detected.' When implementing this tracking notification feature, Apple and Google announced a standard called 'Detection of Nuisance Location Trackers.'
Apple and Google announce standard to warn users about unknown Bluetooth devices tracking them - GIGAZINE
In addition, iOS 17.5 and iPadOS 17.5 also include several security updates.
◆AppleAVD
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An app may be able to execute arbitrary code with kernel privileges.
explanation:
This issue was addressed by improving memory handling. (CVE-2024-27804)
◆Apple Mobile File Integrity
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An attacker may be able to access user data.
explanation:
Improved checks address the logic issue. (CVE-2024-27816)
◆AVE Video Encoder
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An app may be able to disclose kernel memory.
explanation:
This issue was addressed by improving memory handling. (CVE-2024-27841)
◆Search
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
A malicious application may be able to determine the user's current location.
explanation:
Resolved by moving sensitive data to a more secure location. (CVE-2024-27839)
Kernel
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An attacker may be able to cause an unexpected application termination or arbitrary code execution.
explanation:
This issue was addressed by improving memory handling. (CVE-2024-27818)
◆Rib system
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
The app may have access to protected user data.
explanation:
Addressed by removing the vulnerable code and adding additional checks. (CVE-2023-42893)
◆Map
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
It's possible that apps could read sensitive location information.
explanation:
The path handling issue was addressed through improved validation. (CVE-2024-27810)
◆Marketplace Kit
Compatible models:
iPhone XS and newer
Impact:
A maliciously crafted web page could distribute scripts that track users of other web pages.
explanation:
Addressed by improving client ID handling in alternative app marketplaces. (CVE-2024-27852)
Note
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An attacker with physical access to an iOS device could potentially access notes through the lock screen.
explanation:
Addressed by improving state management. (CVE-2024-27835)
◆Remote View Service
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An attacker may be able to access user data.
explanation:
Improved checks address the logic issue. (CVE-2024-27816)
Screenshots
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An attacker with physical access may be able to share items through the lock screen.
explanation:
A permission issue was addressed through improved validation. (CVE-2024-27803)
◆Shortcuts
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
Shortcuts may output sensitive user data without consent.
explanation:
The path handling issue was addressed through improved validation. (CVE-2024-27821)
◆ Synchronization service
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
Apps may be able to bypass privacy settings.
explanation:
Addressed by improving checks. (CVE-2024-27847)
◆Voice control
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An attacker may be able to escalate their privileges.
explanation:
Addressed by improving checks. (CVE-2024-27796)
◆WebKit
Compatible models:
iPhone XS or later, iPad Pro 12.9-inch (2nd generation or later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation or later), iPad Air (3rd generation or later), iPad (6th generation or later), iPad mini (5th generation or later)
Impact:
An attacker with arbitrary read and write capabilities may be able to bypass pointer authentication.
explanation:
Addressed by improving checks. (CVE-2024-27834)
In addition, Apple has launched the news distribution app Apple News + in the United States and Canada as a paid subscription, and in iOS 17.5, a word game called 'Quartiles' has been added to this Apple News +.
Apple News+ introduces Quartiles, a new game, and Offline Mode for subscribers - Apple
https://www.apple.com/newsroom/2024/05/apple-news-plus-introduces-quartiles-a-new-game-and-offline-mode-for-subscribers/
Related Posts:
