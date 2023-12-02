December 2nd update below. This post was first published on November 30, 2023.

The iOS 17.1.1 iPhone update arrived on Tuesday, November 7, 2023. Just three weeks later, Apple has released its next release, iOS 17.1.2, warning all users to update now. Here’s what’s in it and how you can get it right away.

Apple releases iOS 17.1.2. David Phelan

Which iPhones can run iOS 17.1.2?

Like all releases since iOS 17 arrived in September, this new update is compatible with all iPhones released in 2018 or later. That means the iPhone Xs, iPhone This also includes the iPhone SE second and third generation models.

how to get it

On your iPhone, open the Settings app, select General, then select Software Update. Here, you will see sections on Automatic Updates and Beta Updates. Whether you have automatic updates turned on or off, you can choose to download new software now. Select Download and Install, and your iPhone will be ready in no time.

what’s in the release

This update has been somewhat of a surprise. We were all waiting for iOS 17.2, which is expected to arrive in December and include many new features as well as bug fixes.

But there were rumors of a release intermittently last week and that’s it. This is not a rapid security response, the kind that Apple initiated earlier this year and which is designed to ensure that the most urgent security fixes are deployed as quickly as possible, without waiting for the next regular update. can be done. They are exclusive to security fixes, that is, they cannot, for example, include new features. RSRs can be easily spotted by the bracketed letter at the end of the version number, and they cannot be added to a full-number update. In other words, while you can have iOS 17.1.1(a), you can’t have iOS 17(a). Anyway, it’s not RSR.

However, there are no new features. Apple says only, “This update provides important security improvements and is recommended for all users.”

It looks like we’ll have to wait for iOS 17.2, expected in December, for shiny new features including the much-awaited Journal app, changes to the Apple TV app, and ways to change notification sounds.

Apple has now published its security notes, and it is now clear that this is why the update was delayed when it came. When you see the words “This issue may have been exploited” appearing in the notes, it’s a sign that the update is urgent and concerns important things. In this case, both fixes are to Apple’s web browser engine WebKit, the first where sensitive information could be exposed, while the second could be used for arbitrary code execution.

Full notes below. I’ll look at how successful this release has been or whether it’s caused problems, and recommend whether you should update. So, please check here for complete details.

Update of December 2nd. As Apple revealed the details and larger security implications of the update, it became clear why iOS 17.1.2 was released so soon. Zero-day vulnerabilities, as they are called, are serious, as they refer to a vulnerability that was previously unknown to the developer, providing zero days of awareness and defense against it. As bleeping computer Has said, a group of them have come this year. This update contains the nineteenth and twentieth zero-day vulnerabilities that Apple has fixed in 2023.

In form of daily Mail Reported, attackers are there. “These latest OS updates show that attackers continue to focus on exploiting the frameworks that download and serve web-based content,” said Michael Covington, vice president of strategy at Jamf. Covington further said that not only can they cause data leakage and arbitrary code execution, but they “appear to be linked to targeted attacks that are common against high-risk users.”

There was also good news in the comments, when Covington said, “While these patches confirm that Apple devices are not immune to cyber threats, the patching process is helping to reduce the attack surface. Now that the patches have been released , so it is up to users, and organizations that use Apple devices for work, to update their devices and monitor compliance to ensure that all critical devices are no longer vulnerable as soon as possible.

The arrival of iOS 17.1.2 means that these problems should be fixed, and we can look forward to the next iOS release. As long as there are no glitches, that’ll be iOS 17.2 and should be out this side of Christmas.

Apple’s security notes follow.

webkit

Available for: iPhone 5th generation and later

Impact: Processing web content may expose sensitive information. Apple is aware of a report that this issue can be exploited against iOS versions prior to iOS 16.7.1.

Description: Out-of-bounds reads were addressed with improved input validation.

WebKit Bugzilla: 265041

CVE-2023-42916: Clement Lesigne of Google’s Threat Analysis Group

webkit

Available for: iPhone 5th generation and later

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue can be exploited against iOS versions prior to iOS 16.7.1.

Description: A memory corruption vulnerability was addressed with improved locking.

WebKit Bugzilla: 265067

CVE-2023-42917: Clement Lesigne of Google’s Threat Analysis Group

