Apple has released iOS 17.1 along with a warning to update your iPhone. That’s because iOS 17.1 fixes a hefty 21 security vulnerabilities, some of which could allow attackers to take over your iPhone.
Apple doesn’t give a lot of detail about what’s fixed in iOS 17.1, to give people as much time to update their iPhones as possible before more attackers can get hold of the details.
But among the issues patched in iOS 17.1 are flaws in the Kernel at the heart of the iPhone operating system and in the WebKit browser engine that underpins Safari, according to Apple’s support page.
The iOS 17.1 update fixes “pretty severe vulnerabilities” that could allow an attacker to gain control of your iPhone, warns Sean Wright, an independent security researcher.
“The vulnerabilities that allow an application to be able execute code with Kernel privileges could allow almost complete control of the device,” Wright says. “These could then be chained with the WebKit vulnerabilities to allow this to be weaponized as a remote exploit.”
Another “worrying flaw” fixed in iOS 17.1 is tracked as CVE-2023-42847. If exploited, the vulnerability could enable an attacker to access passkeys—a new secure authentication method aiming to replace passwords. “An attacker could then use the passkeys to access other services,” Wright says.
Apple Releases iOS 17.1 Amid A Surge In iPhone Flaws
The iOS 17.1 update comes after a number of emergency iPhone fixes for flaws already being used in real-life attacks, often utilizing spyware.
Apple has also released iOS 16.7.2 for users of older devices or those reluctant to upgrade to iOS 17, highlighting the fact that these iPhone fixes are important.
Meanwhile, Apple has issued iOS 15.8 for the iPhone 6s, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation), fixing a Kernel flaw that has already been used in real life attacks.
Tracked as CVE-2023-32434, the flaw could see an app able to execute arbitrary code with Kernel privileges. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7,” Apple said on its support page.
While Apple still updates iOS 16—at least for the time being—the iPhone maker only addresses what it sees as essential security fixes in older operating systems. Apple also waits longer before issuing fixes to iOS 16, leaving people more exposed to attacks.
The iPhone maker has been busy fixing bugs in iOS 17, so iOS 17.1 is a pretty good bet. I haven’t had any issues on my iPhone 14 so far since upgrading.
Other Bugs Fixed in iOS 17.1
As well as including a number of cool new iPhone features, iOS 17.1 fixes a number of bugs, including an iOS 17 issue that could cause your privacy settings to change, discovered by security researcher Tommy Mysk.
Mysk—along with another researcher Talal Haj Bakry—also reported one of the security vulnerabilities fixed in iOS 17.1, tracked as CVE-2023-42846. The flaw in mDNSResponder could see a device passively tracked by its Wi-Fi MAC address.
Why You Should Upgrade To iOS 17.1
Make no mistake, the issues fixed in iOS 17.1 are serious, but thankfully, none of them are being used in real-life iPhone attacks yet. “Nonetheless, this is still an important update that I highly recommend users update to,” Wright says.
I agree—updating to iOS 17.1 as soon as possible will protect your iPhone before attackers can get hold of the details. Staying one step ahead is always important, especially if you think you could be a target.
So what are you waiting for? Go to your Settings > General > Software Update and download iOS 17.1 as soon as you can.
Read the full article here
