Apple today released iOS 17.0.1 and iPadOS 17.0.1 updates for the iPhone and the iPad, bringing bug fixes for the new software released earlier this week.
The software, build 21A340, can be downloaded and installed on compatible iPhones and iPads over-the-air by going to “Settings” -> “General” -> “Software Update.”
Apple’s release notes say the update provides bug fixes and important security updates for all eligible devices.
Apple’s security support document confirms that the update addresses several security vulnerabilities that may have been actively exploited against versions of iOS before iOS 16.7.
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
Security
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
Apple has also released iOS 16.7 (build 20H19) for that have not yet been updated to iOS 17, or devices that are not compatible with iOS 17.