Another emergency patch: Updates for iOS, iPadOS, macOS and watchOS have been available since Thursday evening, with which Apple patches serious security gaps that have already been actively exploited. What’s astonishing is that the most recent exploit that became known was barely a week ago. This time too, the Canadian security institute Citizen Lab at the University of Toronto alerted Apple to the attack.
Advertisement
First update for iOS 17
iOS 17.0.1 and iPadOS 17.0.1 are now available – the first updates for iOS 17 and iPadOS 17 ever. iOS 16.7 and iPadOS 16.7 have also been made available for iPhones and iPads that have not yet been updated. watchOS 10.0.1 and watchOS 9.6.3 are available for the Apple Watch, and the macOS Ventura 13.6 and macOS Monterey 12.7 updates are available for the Mac. Finally, Apple is shipping a new Safari version 16.6.1 for installation on macOS Big Sur (11) and macOS Monterey.
According to Apple, the updates contain “important bug fixes and security updates.” Details can be found in the support section of the group’s website. On iPhone, iPad and Mac, a kernel bug that can be used for privilege escalation and a bug in the security routine (certificate validation) are fixed. There is also a WebKit error that apparently provided the gateway and allowed arbitrary code to be executed. Only the kernel and security patches were made on the Apple Watch; on Monterey and Big Sur you also have to install Safari 16.6.1 for the WebKit patch.
Versions before iOS 16.7 attacked
As mentioned, the bugs and exploit were discovered by Citizen Lab, with support coming from Google’s Threat Analysis Group. Initially there was no information about who the attacker was and what victims there were. The exploit from a week ago came from the controversial spy company NSO Group, against which Apple is taking legal action. The iPhone manufacturer also said the attacks were “targeted against iOS versions prior to 16.7.”
It still remains unclear which security-related errors iOS 17 and iPadOS 17 as well as watchOS 10 and tvOS 17 will iron out. There are likely to be a number of them, but Apple is still not providing any information and continues to write that details will come “soon”. This leads to the paradoxical situation that information about a newer iOS is already available, but not yet about iOS 17. Buyers of the iPhone 15 and 15 Pro, which will be officially delivered for the first time on Friday, will receive iOS 17.0.2 with the security patches, which should be installed as quickly as possible.
(bsc)