The latest security patches in iOS 17.1, iPadOS 17.1, macOS Sonoma 14.1 and the other operating system updates cover a range of potential exploits and vulnerabilities.
iOS 17.1 has several security patches
Apple has shared the security patch notes for its latest updates, and the list is extensive. Big point releases like iOS 17.1 generally have a lot of patches, but the number is somewhat surprising given iOS 17 had several smaller updates before the point one.
The iOS 17.1, iPadOS 17.1, watchOS 10.1, tvOS 17.1, and macOS Sonoma 14.1 updates arrived on October 25. Apple's security patch notes show that multiple vulnerabilities existed across several operating systems.
Security releases
There are a significant number of patches across every operating system, so we won't be listing everything here. Instead, here are some patches shared across multiple operating systems.
Contacts
- OS impacted: iOS, iPadOS, macOS
- Description: An app may be able to cause a denial-of-service, which was addressed with improved memory handling.
- CVE-2023-41072 and CVE-2023-42857
CoreAnimation
- OS impacted: iOS, iPadOS, macOS
- Description: An app may be able to cause a denial-of-service, which was addressed with improved memory handling.
- CVE-2023-40449
Find My
- OS impacted: iOS, iPadOS, macOS, watchOS
- Description: An app may be able to read sensitive location information, which was addressed with improved handling of caches.
- CVE-2023-40413
ImageIO
- OS impacted: iOS, iPadOS, macOS
- Description:Processing an image may result in disclosure of process memory, which was addressed with improved memory handling.
- CVE-2023-40416
IOTextEncryptionFamily
- OS impacted: iOS, iPadOS, macOS
- Description: An app may be able to execute arbitrary code with kernel privileges, which was addressed with improved memory handling.
- CVE-2023-40423
Kernel
- OS impacted: iOS, iPadOS, macOS, watchOS
- Description: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations, which was addressed with improved memory handling.
- CVE-2023-42849
mDNSResponder
- OS impacted: iOS, iPadOS, tvOS, watchOS
- Description: A device may be passively tracked by its Wi-Fi MAC address, which was addressed by removing the vulnerable code.
- CVE-2023-42846
Passkeys
- OS impacted: iOS, iPadOS, macOS
- Description: An attacker may be able to access passkeys without authentication, which was addressed with improved checks to a logic issue.
- CVE-2023-42847
Photos
- OS impacted: iOS, iPadOS, macOS
- Description: Photos in the Hidden Photos Album may be viewed without authentication, which was addressed with improved state management.
- CVE-2023-42845
Siri
- OS impacted:iOS, iPadOS, macOS, watchOS
- Description: An attacker with physical access may be able to use Siri to access sensitive user data, which was addressed by restricting options offered on a locked device.
- CVE-2023-41982, CVE-2023-41997, CVE-2023-41988
Other issues included WebKit vulnerabilities that could lead to arbitrary code execution, a weather bug that could give an app access to sensitive data, and a status bar issue that caused devices to fail to lock. The iOS 17.1 and iPadOS 17.1 page had eighteen fixes alone.
The full list of Apple security updates and details can be found on Apple's security releases website.