December 2 replace under. This submit was first revealed on November 30, 2023.
The iOS 17.1.1 iPhone replace landed on Tuesday, November 7, 2023. Simply three weeks later, Apple has delivered its subsequent launch, iOS 17.1.2, warning all customers to replace now. Right here’s what’s in it and how one can get it immediately.
Apple releases iOS 17.1.2.
David Phelan
Which iPhones Can Run iOS 17.1.2?
Like all of the releases because the arrival of iOS 17 again in September, this new replace is suitable with all iPhones launched in 2018 or after. Which means iPhone Xs, iPhone Xs Max and iPhone Xr from 2018, then iPhone 11, iPhone 11 Professional, iPhone 11 Professional Max, plus all of the iPhone 12, iPhone 13, iPhone 14 and iPhone 15 variants. It additionally consists of iPhone SE second- and third-generation fashions.
How To Get It
In your iPhone, open the Settings app, select Normal, then Software program Replace. Right here, you’ll see sections on Automated Updates, and Beta Updates. Whether or not you might have computerized updates on or off, you may select to obtain the brand new software program now. Decide Obtain and Set up, and your iPhone can be prepared very quickly.
What’s In The Launch
This replace has been one thing of a shock. We have been all ready for iOS 17.2, which is predicted in December and consists of a variety of new options in addition to bug fixes.
However final week there have been rumors of an in-between launch, and that’s what that is. It’s not a Speedy Safety Response, the type that Apple pioneered earlier this yr and which is designed to make sure that essentially the most pressing safety fixes might be deployed as quickly as attainable, with out ready for the following common replace. These are solely for safety fixes, that’s, they’ll’t embody new options, for example. RSRs are simply noticed by the bracketed letter on the finish of the model quantity, and so they can’t be added to whole-number updates. In different phrases, whilst you might have iOS 17.1.1 (a), you couldn’t have iOS 17 (a). Anyway, this isn’t an RSR.
Nonetheless, there aren’t any new options. Apple merely says, “This replace gives vital safety fixes and is really helpful for all customers.”
It appears to be like like we have to await iOS 17.2, anticipated in December, for shiny new options, together with the much-anticipated Journal app, modifications to the Apple TV app and methods to alter notification sounds.
Apple has now revealed its safety notes, and it’s now clear that’s why this replace has landed when it did. Once you see the phrases “this situation could have been exploited,” as seem within the notes, it’s a sign that the replace is pressing and offers with vital stuff. On this case, each fixes are for WebKit, Apple’s net browser engine, the primary the place delicate data might have been disclosed, whereas the opposite could have been exploited for arbitrary code execution.
Full notes under. I’ll be wanting into how profitable this launch has been or whether or not it’s induced issues, and advising whether or not you need to replace or not. So, please test right here for full particulars.
December 2 replace. As quickly as Apple revealed the small print of the replace and the massive safety implications, it grew to become clear why iOS 17.1.2 was launched as quickly because it was. Zero-day vulnerabilities, as they’re referred to as, are severe, as they seek advice from a vulnerability that was beforehand unknown to the developer, giving zero days of consciousness and protection towards it. As Bleeping Pc has identified, there have been a bunch of them this yr. Those on this replace are the nineteenth and twentieth zero-day vulnerabilities that Apple has fixe in 2023.
Because the Each day Mail reported, attackers are on the market. Michael Covington, VP of Technique at Jamf, defined, “These newest OS updates present that attackers proceed to deal with exploiting the framework that downloads and presents web-based content material.” Covington went on to say not solely that they may result in information leakage and arbitrary code execution, however that they “look like tied to focused assaults which are widespread towards high-risk customers.”
There was excellent news, too within the feedback, when Covington added, “Although these patches validate that Apple units aren’t proof against cyber threats, the patching course of helps to scale back the assault floor Now that the patches are issued, it’s as much as customers, and organisations that utilise Apple units for work, to replace their units and monitor for compliance to make sure that all essential units are not weak as quickly as attainable.”
The arrival of iOS 17.1.2 signifies that these issues must be mounted, and we are able to await the following iOS launch. Until there’s a hiccup, that can be iOS 17.2 and will land this aspect of Christmas.
Apple’s safety notes observe.
WebKit
Out there for: iPhone XS and later, iPad Professional 12.9-inch 2nd technology and later, iPad Professional 10.5-inch, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad sixth technology and later, and iPad mini fifth technology and later
Influence: Processing net content material could disclose delicate data. Apple is conscious of a report that this situation could have been exploited towards variations of iOS earlier than iOS 16.7.1.
Description: An out-of-bounds learn was addressed with improved enter validation.
WebKit Bugzilla: 265041
CVE-2023-42916: Clément Lecigne of Google’s Menace Evaluation Group
WebKit
Out there for: iPhone XS and later, iPad Professional 12.9-inch 2nd technology and later, iPad Professional 10.5-inch, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad sixth technology and later, and iPad mini fifth technology and later
Influence: Processing net content material could result in arbitrary code execution. Apple is conscious of a report that this situation could have been exploited towards variations of iOS earlier than iOS 16.7.1.
Description: A reminiscence corruption vulnerability was addressed with improved locking.
WebKit Bugzilla: 265067
CVE-2023-42917: Clément Lecigne of Google’s Menace Evaluation Group
Comply with me on Twitter.
Discover more from PressNewsAgency
Subscribe to get the latest posts sent to your email.