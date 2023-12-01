Apple has released iOS 17.1.2, an emergency iPhone update that fixes two flaws — both of which are vulnerabilities. , [+] Used in real life attacks. Apple Iphone

Apple has released iOS 17.1.2, along with a warning against updating now. That’s because iOS 17.1.2 fixes two iPhone security flaws – both of which are already being used in real-life attacks.

Apple hasn’t provided many details about what’s been fixed in iOS 17.1.2, to give iPhone users as much time as possible to update before more attackers get their hands on the details. Both issues fixed in iOS 17.1.2 affect WebKit, the engine that underpins the iPhone maker’s Safari browser.

Tracked as CVE-2023-42916, the first flaw fixed in iOS 17.1.2 could see an iPhone user disclose sensitive information to an adversary. The second issue patched in 17.1.2, CVE-2023-42917, could allow an attacker who has tricked an iPhone user to interact with web content to execute code.

In both cases, Apple is “aware of a report that this issue could be exploited against versions of iOS prior to iOS 16.7.1,” the iPhone maker writes on its support page.

Why should you update to iOS 17.1.2 now?

Make no mistake, iOS 17.1.2 is an update you should apply right now. There are several reasons for this: iOS 17.1.2 is deprecated before iOS 17.2 because it is only for security, it does not contain any bug fixes or features.

At the time of writing, there is no update to iOS 16, other than the already available iOS 16.7.2. Apple said the issue was exploited on iPhones running iOS 16.7.1, so devices on iOS 16.7.2 may not be affected. However, if you haven’t updated to iOS 17 yet and you have a compatible device, I recommend you upgrade to iOS 17.1.2 right now.

Interestingly, iOS 17.1.2 is not released as a Rapid Security Response update – a new feature designed to push out important security fixes. However, a few months ago, the iPhone maker faced the embarrassment of having to withdraw one of these updates after it broke something else, so I suspect Apple doesn’t want to risk the same thing happening again.

The iPhone maker also sees the benefit of alerting people about iOS 17.1.2 instead of sending the update in the background. If people pay attention, they’re more likely to implement solutions.

Both issues fixed in iOS 17.1.2 were reported by Clement Lesigne of Google’s Threat Analysis Group, indicating that they could have been used in spyware-related attacks.

Attacks using spyware are scary, because they often occur without any kind of interaction from the user, for example through iMessage. Thankfully, they are heavily targeted at certain businesses, dissenters and journalists. If you fall into this category, consider using the iPhone’s lockdown mode in addition to upgrading to iOS 17.1.2.

Shawn Wright, head of application security at FeatureSpace, says it’s essential that users update to iOS 17.1.2 as soon as possible. “It is possible for an attacker to exploit these vulnerabilities by tricking a user into visiting a website,” he says.

They say that an attack taking advantage of the issues fixed in iOS 17.1.2 could have serious consequences. “If successfully exploited, attackers could gain the ability to execute code and access sensitive information.”

It’s also important to note that you’ll have to manually apply iOS 17.1.2 even if you have automatic updates enabled. This is because Apple releases security updates slowly, with some users waiting a week or more for their iPhones and iPads to be updated overnight.

So what are you waiting for? To keep your iPhone secure, go to your Settings > General > Software Update and download and install iOS 17.1.2 now.