Apple iOS Update 17.3 mit Sicherheits und Bugfixes sowie neuer Diebstahlsicherung

Apple hat Anfang der Woche das Update 17.3 für iOS und iPadOS veröffentlicht. Weiterhin gibt es auch Updates für macOS mit macOS Sonoma 14.3, macOS Ventura 13.6.4 und macOS Monterey 12.7.3. Alle Apple Watch Besitzer können sich über das Update 10.3 freuen. Ebenso wurde der Safari aktualisiert und liegt nun in Version 17.3 vor. Apple TV Nutzer erhielten für ihr tvOS das Update 17.3.

Sicherheitsupdates gab es auch für ältere iPhone Modelle. So erhielten die iPhone Serien 8, i Plus, X, 7 und 6s das iOS Update in Version 16.7.5. bzw. 15.8.1 Selbes gilt auch für ältere iPads bis zum iPad Pro 12.9 der 1. Generation.

Die Apple Smart Watch erhielt ein neues Ziffernblatt. Mit Apple Music kann man nun mit Familie und Freunden zusammen Playlisten erstellen und bewerten.

Links zu den Sicherheitsupdates unter: https://support.apple.com/en-gb/HT201222

Apple iOS 17.3 erweiterter Diebstahlschutz

Eine Methode von Dieben, die aktuell ist, besonders hinterlistig und ausgenutzt wird, wurde durch das iOS 17.3 Update erschwert bzw. verhindert. Bei diesem Angriff spähen Diebe zunächst die PIN des iPhones aus und stehlen dann das iPhone oder iPad. Nun haben sie vollen Zugriff und sperren den Besitzer aus dem Apple Account aus. Nun können die Diebe in Ruhe auf iCloud und ggf. gespeicherte Kreditdaten zugreifen. Selbst das sperren oder löschen aus der Ferne kann der Besitzer nun nicht mehr ausführen was sehr ärgerlich ist.

Dies soll der ab iOS 17.3 eingeführte Schutz für gestohlene Geräte verhindern. Dieser setzt reine Biometrie voraus, sodass der PIN-Code nicht mehr ausreicht. Ist die Sicherheitsfunktion in den Einstellungen aktiviert erhöht dies erheblich die Sicherheit und erschwert den Dieben den Zugriff. Details in einem weiteren Artikel unter:

Apple iOS 17.3 und iPadOS 17.3 Security Updates

Apple Neural Engine

Available for devices with Apple Neural Engine: iPhone XS and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key
Description: A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions.
CVE-2024-23218: Clemens Lang

Kernel

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of Legendsec at QI-ANXIN Group

Mail Search

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and Ian de Marcellus

NSSpellChecker

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of files.
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Reset Services

Available for: iPhone XS and later
Impact: Stolen Device Protection may be unexpectedly disabled
Description: The issue was addressed with improved authentication.
CVE-2024-23219: Peter Watthey and Christian Scalese

Safari

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A user’s private browsing activity may be visible in Settings
Description: A privacy issue was addressed with improved handling of user preferences.
CVE-2024-23211: Mark Bowers

Shortcuts

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
Description: The issue was addressed with additional permissions checks.
CVE-2024-23203: an anonymous researcher
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to bypass certain Privacy preferences
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2024-23217: Kirin (@Pwnrin)

TCC

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An issue was addressed with improved handling of temporary files.
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to view a user’s phone number in system logs
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: An access issue was addressed with improved access restrictions.
WebKit Bugzilla: 262699
CVE-2024-23206: an anonymous researcher

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 266619
CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
WebKit Bugzilla: 265129
CVE-2024-23214: Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222

Safari 17.3 Security Updates

Safari

Available for: macOS Monterey and macOS Ventura
Impact: A user’s private browsing activity may be visible in Settings
Description: A privacy issue was addressed with improved handling of user preferences.
CVE-2024-23211: Mark Bowers

WebKit

Available for: macOS Monterey and macOS Ventura
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: An access issue was addressed with improved access restrictions.
WebKit Bugzilla: 262699
CVE-2024-23206: an anonymous researcher

WebKit

Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 266619
CVE-2024-23213: Wangtaiyu of Zhongfu info

WebKit

Available for: macOS Monterey and macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 267134
CVE-2024-23222