iOS 17.0.1 與 iPadOS 17.0.1 版本更新 安全性更新
Apple 在2023年9月22日正式推出 iOS 17.0.1 與 iPadOS 17.0.1 版本更新,此版本為升級 iOS 17 的第一個更新,根據 Apple 官方的說明主要為安全性更新,主要修復了三個安全性問題,建議所有使用者進行更新。
更新版本:iOS 17.0.1、iPadOS 17.0.1
Apple 對於 iOS 17.0.1 與 iPadOS 17.0.1 更新說明
此版本更新沒有新增加功能,根據 Apple 官方的說明主要為安全性更新,與 iOS 16.7 及 iPadOS 16.7 相同主要修正個三個安全性問題,同樣修正了核心(Kernel)本地攻擊者可能能夠提升其權限,安全(Security)惡意 app 可能能夠繞過簽章驗證,網頁引擎(WebKit)處理網頁內容可能導致任意代碼執行。
以下是 Apple 對於此版本更新說明:
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
Security
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
相關文章
-
iOS/iPadOS 更新 Apple 發佈舊系統安全性更新:iOS 15.7.9、iPadOS 15.7.9、macOS Big Sur 11.7.10、macOS Monterey 12.6.9
-
macOS 更新 macOS Ventura 13.4 版本更新 修正Apple Watch 解鎖 Mac 等問題
-
iOS/iPadOS 更新 iOS 16.3.1 與 iPadOS 16.3.1 版本更新 修正錯誤及安全性更新
-
watchOS 更新 watchOS 9.6.1 錯誤修正顫抖症狀偵測問題
-
Apple 新聞 2023年 Apple 秋季發表會:Apple Watch Ultra 2
-
iOS/iPadOS 更新 iOS 16.5.1(c) 與 iPadOS 16.5.1(c) 快速安全回應 安全性更新