Apple released iOS 17.2 to address a dozen of security flaws

Apple released iOS 17.2 to address a dozen of security flaws

Pierluigi Paganini
December 12, 2023

Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices.

The company released iOS 17.2 and iPadOS 17.2 which address a dozen of security flaws.

The most severe flaw is a memory corruption issue that resides in the ImageIO. Successful exploitation of the flaw may lead to arbitrary code execution. The IT giant addressed the flaw by improving memory handling.

The flaw CVE-2023-42898 was discovered by Junsung Lee.

Apple also addressed a code execution flaw, tracked as CVE-2023-42890, in the WebKit. Processing web content may lead to arbitrary code execution.

Apple this week rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 16.7.3 and iPadOS 16.7.3 to address known flaws in older versions of the operating system.

Addressed issues include CVE-2023-42916 and CVE-2023-42917 which Apple fixed at the end of November.

Clément Lecigne of Google’s Threat Analysis Group discovered both vulnerabilities. The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Apple)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts