Apple discloses major security flaws patched by iOS 17.4.1

Apple has finally disclosed the details of security threats the recent iOS 17.4.1 and iPadOS 17.4.1 updates have patched. When the company released said update about a week ago, there was no such indication. But in a support page document, Apple has disclosed the security problems that iOS 17.4.1 and iPadOS 17.4.1 fix.

iOS 17.4.1 patch rundown finally disclosed by Apple: Here’s what it fixed

Previously, the company’s support page for the updates only said “Details coming soon,” without revealing CVE (Common Vulnerabilities and Exposures) numbers for those flaws. However, the company still urged users to install the new updates promptly, stating that they include critical bug fixes and security enhancements necessary for all users.

The support page has now been updated to give comprehensive details of the vulnerabilities fixed by iOS 17.4.1 and iPadOS 17.4.1. One of the most critical patches addressed a flaw in CoreMedia, which is a media framework that runs on various Apple devices such as iPhones and iPads.

An attacker exploiting this vulnerability could have run arbitrary commands or code on the target device through a malicious image. The affected devices are iPhone XS onwards and some select iPad models. The update effectively mitigates this risk by eliminating the vulnerability from the affected devices.

Apple claims there were no cases of exploitation from these vulnerabilities

There are no known cases of exploitation. The flaw, an out-of-bounds write issue, was assigned the identifier CVE-2024-1580 and was discovered by Nick Galloway of Google Project Zero.

Another significant vulnerability Apple disclosed is an error in WebRTC, a technology that allows communication through web browsers and mobile apps. Like the CoreMedia flaw, this security hole could lead to the execution of unauthorized code on various iPhone and iPad models.

Again, Apple reassured users that there were no reported incidents of exploit attempts. The fault, CVE-2024-1580, was spotted and submitted by Nick Galloway from Google Project Zero. However, it is still advisable to update your Apple devices to iOS 17.4.1, making sure there’s no room for attacks.
