iOS 17.0.1, iPadOS 17.0.1, and macOS 13.6 bring critical security patches
Apple released the current major versions of iOS and iPadOS, both numbered 17, on September 18. Only three days later, both received security updates labeled 17.0.1. On September 21, Apple also released macOS Ventura 13.6, about two months after macOS Ventura 13.5. All of these updates include patches for serious security flaws and should be applied as soon as possible.
According to Apple's document on the security content of the latest iOS and iPadOS patch, version 17.0.1 fixes a kernel-level vulnerability discovered by Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group. The flaw could allow a local attacker to elevate privileges and might have been exploited against versions of iOS before 16.7.
This issue is labeled CVE-2023-41992, and it was addressed by improving security checks. The same researchers discovered two other problems, labeled CVE-2023-41991 and CVE-2023-41993.
The first of these could let a malicious app bypass signature validation, and it was patched by addressing a certificate validation issue.
The last one affected WebKit: processing web content could lead to arbitrary code execution. It was also fixed with improved checks.
Finally, macOS Ventura 13.6 arrives with security patches for CVE-2023-41992 and CVE-2023-41991. Additional CVE entries will be added in the coming days, so this update most likely addresses other issues as well.
In addition, watchOS 10.0.1 and watchOS 9.6.3 were also released recently to address the first two of the three CVEs.