iOS 17.1.2—Update Now Warning Issued To All iPhone Users

Apple has released iOS 17.1.2, along with a warning to update now. That’s because iOS 17.1.2 fixes two iPhone security flaws—both of which are already being used in real-life attacks.

Apple doesn’t give much detail about what’s fixed in iOS 17.1.2, to give iPhone users as much time as possible to update before more attackers can get hold of the details. Both issues fixed in iOS 17.1.2 affect WebKit, the engine that underpins the iPhone maker’s Safari browser.

Tracked as CVE-2023-42916, the first flaw fixed in iOS 17.1.2 could see an iPhone user disclose sensitive information to an adversary. The second issue patched in 17.1.2, CVE-2023-42917, could allow an attacker who has tricked an iPhone user into interacting with web content to execute code.

In both cases, Apple is “aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” the iPhone maker wrote on its support page.

Why You Should Update to iOS 17.1.2 Now

Make no mistake, iOS 17.1.2 is an update you should apply right now. The reasons for this are multiple: iOS 17.1.2 has been pushed out before iOS 17.2 because it is security-only, containing no bug fixes or features.

At the time of writing, there is no update to iOS 16 beyond the already available iOS 16.7.2. Apple said the issue was exploited on iPhones running iOS 16.7.1, so devices on iOS 16.7.2 may not be impacted. However, if you haven’t updated to iOS 17 yet and have a compatible device, I recommend you upgrade to iOS 17.1.2 now.

Interestingly, iOS 17.1.2 hasn’t been issued as a Rapid Security Response update—a new feature designed to push out important security fixes. However, a few months ago, the iPhone maker was left red-faced after having to pull one of these updates when it broke something else, so I suspect that Apple doesn’t want to risk the same thing happening again.

The iPhone maker also sees the advantage of alerting people to iOS 17.1.2, rather than pushing out updates in the background. If people take notice, they are more likely to apply the fix.

Both of the issues fixed in iOS 17.1.2 were reported by Clément Lecigne of Google’s Threat Analysis Group, indicating they could have been used in spyware-related attacks.

Attacks utilizing spyware are scary, because they often take place without any interaction from the user, via an iMessage, for example. Thankfully, they are highly targeted at certain businesses, dissidents and journalists. If you fall under this category, consider using the iPhone’s Lockdown Mode in addition to upgrading to iOS 17.1.2.

It’s essential that users update to iOS 17.1.2 as soon as possible, says Sean Wright, head of application security at Featurespace. “It is possible for an attacker to exploit these vulnerabilities just by persuading a user to visit a website,” he says.

The consequences of an attack taking advantage of the issues fixed in iOS 17.1.2 could be dire, he says. “If successfully exploited, attackers could gain the ability to execute code and access sensitive information.”

Also important to note is you need to apply iOS 17.1.2 manually, even if you have automatic updates enabled. That’s because Apple rolls out security updates gradually, with some users waiting a week or more for their iPhones and iPads to update overnight.

So what are you waiting for? Go to your Settings > General > Software Update and download and install iOS 17.1.2 now to keep your iPhone safe.
