By Joe Rossignol
Apple today provided details of the security fixes included in last week's iOS 17.4.1 and iPadOS 17.4.1 software updates for iPhone and iPad.
In a support document, Apple says the updates fix an image-related security vulnerability that “could lead to the execution of arbitrary code.”
Full details:
CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2 1st generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later.
Impact: Image processing may cause arbitrary errors. code execution
Description. An out-of-bounds write issue has been addressed with improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
WebRTC
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later , iPad 6th generation and later, iPad mini 5th generation and later
Impact: Image processing may lead to arbitrary code execution
Description: Exit Out-of-bounds write issue resolved through improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
To update your iPhone or iPad, open the Settings app and tap General → “Software Update.”
Apple said it has fixed the same vulnerability in macOS 14.4.1 and VisionOS 1.1.1.
Related reviews: iOS 17, iPadOS 17 Related forums: iOS 17, iPadOS 17[43 comments]