It’s time to update your iPhones and iPads! Apple has just released iOS and iPadOS 17.1.2, and while it doesn’t have any new features, it fixes a couple of very important WebKit security flaws. WebKit is the browser engine used by Safari but also every other iOS and iPadOS web browser, and any app that opens a “web view” for content. So it’s perhaps the most important privacy and security vector to be concerned about.
Apple’s security page lists two fixes in iOS 17.1.2 and iPadOS 17.1.2, and there are no other changes in this release. The two updates are as follows:
WebKit
- Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
- Description: An out-of-bounds read was addressed with improved input validation.
WebKit
- Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
- Description: A memory corruption vulnerability was addressed with improved locking.
Both of these vulnerabilities have been exploited in the wild already, albeit only with iOS versions before iOS 16.7.1. Still, it’s important to grab the fixes right away.
To update your iPhone or iPad, open the Settings app, select General, then Software Update and Update Now, and follow the prompts.