iOS 17.0.1 and iOS 17.0.2 Fix Critical Security Vulnerabilities
Apple has released an upgrade just hours after the launching of the new iPhone 15 series, and less than a week after iOS 17 became available for older iPhones. Surely unprecedented?
Here’s everything you need to know.
Which Update Do You Require?
iOS 17.0.2 is required if you own an iPhone 15 series, a small but rapidly rising group. Other users require iOS 17.0.1.
Which iPhones are compatible with iOS 17.0.1 and iOS 17.0.2?
iOS 17.0.1 is compatible with iPhones released in 2018 or later. That implies the iPhone Xs, Xs Max, and Xr are the oldest phones, followed by the iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and all subsequent phones. This contains the second- and third-generation iPhone SE models. iOS 17.0.2, the second new version, is only available for the iPhone 15, iPhone 15 Plus, iPhone 15 Pro, and iPhone 15 Pro Max.
How To Get It
Updating to the latest software is simple, and the download isn’t large (430MB on my iPhone 14 Pro Max), so it shouldn’t take long.
Launch the Settings app, then go to General, then Software Update. Of course, you’ll only be offered updates that are relevant to your device. Select Download and Install next, and you’ll be up to current in no time.
What’s in The Release
This update only addresses security vulnerabilities and contains no new functionality. These will be included in iOS 17.1, which is expected to be delivered to developers soon. Meanwhile, this update is intended to fix three bugs.
Apple claims that each of these problems was previously addressed in iOS 16.7. Two of the three are improved by the current version. Two of them benefit from better checks as a result of the new software, and one addresses a certificate validity issue.
What’s most concerning about all three, and what no sure prompted the quick deployment of these patches, is that they were almost certainly actively exploited in the real world before iOS 16.7 arrived.
The first of the three is a Kernel bug, which Apple describes as “a local attacker may be able to elevate their privileges.” The second concern, Security, acknowledges that a malicious software “may be able to bypass signature validation.” The certificate validation issue was addressed here.
The third is a WebKit fix, which could have resulted in “arbitrary code execution” when parsing web content. It has now been fixed, as has the Kernel issue, with improved checks.
Apple, as usual, says, “For our customers’ protection, Apple does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”