iOS 17.0.1 與 iPadOS 17.0.1 版本更新 安全性更新

iOS 17.0.1 與 iPadOS 17.0.1 版本更新 安全性更新
作者:Jin

Apple 在2023年9月22日正式推出 iOS 17.0.1 與 iPadOS 17.0.1 版本更新,此版本為升級 iOS 17 的第一個更新,根據 Apple 官方的說明主要為安全性更新,主要修復了三個安全性問題,建議所有使用者進行更新。

更新版本:iOS 17.0.1、iPadOS 17.0.1

Apple 對於 iOS 17.0.1 與 iPadOS 17.0.1 更新說明

此版本更新沒有新增加功能,根據 Apple 官方的說明主要為安全性更新,與 iOS 16.7 及 iPadOS 16.7 相同主要修正個三個安全性問題,同樣修正了核心(Kernel)本地攻擊者可能能夠提升其權限,安全(Security)惡意 app 可能能夠繞過簽章驗證,網頁引擎(WebKit)處理網頁內容可能導致任意代碼執行。

以下是 Apple 對於此版本更新說明

Kernel

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

Security

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: A certificate validation issue was addressed.
CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

相關文章
作者簡介
個人頭像照片
努力寫文中!