The iPhone update, iOS 17.1.1, was released on Tuesday, November 7, 2023. After three weeks, Apple released iOS 17.1.2, their next upgrade, advising all users to update immediately. What’s in it and how to acquire it right now are listed here.
What iPhone Models Support iOS 17.1.2?
This latest update is compatible with all iPhone models released in 2018 or later, just like all previous releases since the release of iOS 17 back in September. This includes the 2018 iPhone Xs, Xs Max, and XR, the iPhone 11, Pro, and Max models, and every iPhone 12, 13, 14, and 15 version. It also covers the second and third-generation iPhone SE models.
How to Acquire It
Open the Settings app on your iPhone, select General, and then Software Update. You may find sections on beta updates and automatic updates here. You can download the updated software immediately, regardless of whether you enable automatic updates. Your iPhone will be ready if you choose to Download and install it.
What Is Included With The Publication
This update caught us off guard a little bit. We were all waiting for iOS 17.2, which is anticipated to be released in December and brings bug fixes and many new features.
However, there were rumours last week about an in-between release, which is what this is. It’s not a Rapid Security Response like the ones Apple introduced earlier this year, which ensures the most critical security updates can be applied immediately without waiting for the subsequent regular update. They cannot, for example, contain new functionality; they are just for security fixes. RSRs are distinguished from whole-number updates by the letter bracketed at the end of the version number. Stated differently, it is possible to have iOS 17.1.1 (a) but not iOS 17 (a). Nevertheless, this isn’t an RSR.
There aren’t any fresh features, though. All Apple states are, “This update is recommended for all users and provides important security fixes.”
The eagerly awaited Journal app, updates to the Apple TV app, and the ability to customise notification sounds will have to wait until iOS 17.2, planned in December.
Since Apple has released its security notes, it is evident why this update was released at the time. The phrase “this issue may have been exploited” in the notes indicates that the update is critical and contains urgent information. In this instance, there are two solutions for Apple’s WebKit web browser engine. The first fix addresses a potential breach of sensitive data, while the second repair addresses a potential risk of arbitrary code execution.
Complete notes are provided below. I’ll investigate this release’s success, determine whether it has caused issues, and recommend an upgrade.
Updated December 2. When Apple disclosed the update’s specifics and significant security ramifications, it was evident why iOS 17.1.2 was made available so quickly. Known as “zero-day vulnerabilities,” these flaws are dangerous because they represent a vulnerability the developer was unaware of until it was too late, leaving them with no warning or defence. There have been a lot of them this year, as Bleeping Computer has noted. The zero-day vulnerabilities Apple fixed in 2023 are the nineteenth and twenty-ones included in this update.
There are attackers out there, as the Daily Mail has reported. “These latest OS updates show that attackers continue to focus on exploiting the framework that downloads and presents web-based content,” said Michael Covington, vice president of strategy at Jamf. In addition to the possibility of data leakage and arbitrary code execution, Covington continued, stating that they “seem to be tied to targeted attacks that are common against high-risk users.”
When Covington stated in the comments, “Even though these patches confirm that Apple devices are not impervious to cyber threats, the patching process is assisting in reducing the attack surface,” there was more positive news. Users and businesses using Apple devices for work must update their devices and check for compliance now that the patches have been released to guarantee that all vital devices are no longer susceptible as soon as possible.
These issues should be resolved with the release of iOS 17.1.2, so we may look forward to the next iOS release. That will be iOS 17.2, which should be released this side of Christmas, barring any hiccups.
Here are Apple’s security notes.
WebKit
Compatible with: iPad Air 3rd generation and later, iPad 6th generation and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPhone XS and later, and iPad mini 5th generation and later
Impact: Handling web content could lead to the disclosure of private data. According to a report, this bug might have been used against iOS versions before iOS 16.7.1, which Apple is aware of.
Description: Better input validation was implemented to address an out-of-bounds read.
Bugzilla for WebKit: 265041
Clément Lecigne from Google’s Threat Analysis Group, with CVE-2023-42916
WebKit
Compatible with: iPad Air 3rd generation and later, iPad 6th generation and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPhone XS and later, and iPad mini 5th generation and later
Impact: Using web content could result in the execution of random code. According to a report, this bug might have been used against iOS versions before iOS 16.7.1, which Apple is aware of.
Description: Better locking was implemented to mitigate a memory corruption problem.
Bugzilla for WebKit: 265067
Clément Lecigne from Google’s Threat Analysis Group, with CVE-2023-42917