It’s time to update your Apple devices yet again, but not for new features. Rather than adding things like collaborative playlists or the ability to change your default alert tone, this latest update patches two zero-day security vulnerabilities within iOS, iPadOS, and macOS.
What’s new with iOS 17.1.2 and macOS Sonoma 14.1.2
Table of Contents
Apple dropped the updates, iOS 17.1.2, iPadOS 17.1.2, and macOS Sonoma 14.1.2, on Thursday. Interestingly, each patches the same two issues, so the Mac update is essentially the same as the iOS and iPadOS updates.
The two zero-day vulnerabilities concern WebKit, the underlying platform that powers Safari. The first, tracked as CVE-2023-42916, leaves users vulnerable if they process malicious web content, which can disclose sensitive information to bad actors. The second, tracked as CVE-2023-42917, potentially allows for arbitrary code execution when the user processes malicious web content. That means a bad actor could potentially inject your system with their own code, and take control over your machine.
What makes these two vulnerabilities zero-days are that they may have been exploited against users. Apple acknowledged this in its security notes, specifically for versions of iOS before version 16.7.1. That implies that versions of iOS (and macOS) since aren’t necessarily affected by the zero-day, but may in the future if bad actors figure out how to exploit the vulnerabilities on these versions. In any case, it’s critical that all Apple users update their devices as soon as possible.
These updates come on the heels of Tuesday’s Chrome update, which patches one zero-day affecting Chromium-based browsers, like Chrome, Edge, and Brave.
How to update your iPhone and iPad
To update to iOS and iPadOS 17.1.2, open Settings > General > Software Update. Allow your iPhone or iPad to look for the new update. When available, follow on-screen instructions to download and install the software on your device.
How to update your Mac
On macOS, open System Settings > General > Software Update. Once the update appears, follow the on-screen instructions to download and install it.