Apple has delivered a sweeping array of security updates spanning its diverse product portfolio, ensuring the protection of iPhones, iPads, Macs, Apple Watches, and Apple TVs.
For iPhone users, the following updates are available:
- iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later receive iOS 17.1 or iPadOS 17.1.
- iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later get iOS 16.7.2 or iPadOS 16.7.2.
- iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) get iOS 15.8 or iPadOS 15.8.
Meanwhile, Apple TV HD and Apple TV 4K (all models) can take advantage of tvOS 17.1.
Apple Watch Series 4 and later received watchOS 10.1.
Notably, these updates have addressed several critical vulnerabilities, including:
- CVE-2023-40423, a severe vulnerability in IOTextEncryptionFamily that enables the execution of arbitrary code with kernel privileges.
- CVE-2023-40413, a vulnerability in Find My that could allow unauthorized access to sensitive location information.
- CVE-2023-40416, a vulnerability in ImageIO that could result in the disclosure of process memory during image processing.
- CVE-2023-42847, a vulnerability in Passkeys that permits unauthorized access to passkeys without authentication.
- CVE-2023-42841, a vulnerability in Pro Res that allows an app to execute arbitrary code with kernel privileges.
- A set of vulnerabilities in Siri, including CVE-2023-41982, CVE-2023-41997, and CVE-2023-41988, could be exploited by attackers with physical access to access sensitive user data.
- CVE-2023-40447 and CVE-2023-42852, vulnerabilities in WebKit that could enable arbitrary code execution through specially crafted websites.
- CVE-2023-32434, a vulnerability that may have been actively exploited against iOS versions prior to 15.7, allowing arbitrary code execution with kernel privileges.
- CVE-2023-41989, enabling an attacker to execute arbitrary code as the root user from the Lock Screen due to an Emoji-related vulnerability.
- CVE-2023-38403, a vulnerability in iperf3 before 3.14 that could cause an integer overflow and heap corruption.
- CVE-2023-42856, a vulnerability in Model I/O that could lead to unexpected app termination or arbitrary code execution.
- CVE-2023-40404, a vulnerability in Networking that could allow an app to execute arbitrary code with kernel privileges.
- CVE-2023-41977, a vulnerability in Safari that could expose browsing history to malicious websites.
Notably absent from the list of addressed vulnerabilities is iLeakage, a sophisticated side-channel attack in the Spectre family.
To ensure your device’s security, it is recommended to verify if you have received these updates. You can obtain the Safari update for your device by initiating an update or upgrade on your iPhone, iPad, or Mac. Stay protected in the ever-evolving digital landscape.