Apple on Monday rolled out security-themed iOS and iPadOS refreshes to address multiple serious vulnerabilities that expose mobile users to malicious hacker attacks.
The newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes.
According to an advisory from Cupertino’s security response team, the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution when certain images are processed.
The iOS 17.2 rollout also addresses a code execution flaw in the WebKit rendering engine and a memory safety issue that allows apps to break out of the device sandbox.
The company also fixed a privacy issue in Accounts, an information disclosure issue in AVEVideoEncoder, an Extension Kit that allows access to sensitive user data, and a Siri flaw that allows an attacker with physical access to use the voice bot to access sensitive user data.
Apple also rolled out iOS 16.7.3 and iPadOS 16.7.3 to provide a batch of security fixes to devices running older versions of the operating system. Those updates also include fixes for previously documented WebKit zero-days caught via in-the-wild exploitation.
Related: Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day
Related: CISA Urges Fed Agencies to Patch Exploited Qualcomm Bugs
Related: Apple Patches WebKit Flaws Exploited on Older iPhones
Related: Trail of Bits Spinout iVerify Tackles Mercenary Spyware