Apple released emergency security patches for iOS, iPadOS and WatchOS to kill several zero-day security vulnerabilities found in OS 17 just after it was released on Monday. The vulnerabilities might’ve been “actively exploited” in versions of the software prior to iOS 16.7.
Zero day vulnerabilities are gaps in security that hackers discovered before Apple did. The bugs spotted and patched yesterday make a total of 16 zero-days fixed this year, according to Bleeping Computer. Users should make it a priority to get their software updated to the latest version, and it’s a reminder that sometimes it pays to wait a few days before installing a big update to the operating system.
To update your device, open the Settings app, select General and choose Software Updates. You should see a new available update and be able to tap Update Now. Apple said the update is recommended for all users.
Issues included the risk of a local attacker being able to elevate their privileges, a malicious app possibly bypassing signature validation and processing web content that could lead to arbitrary code execution, according to Apple’s support page for iOS 17.0.1 and iPadOS 17.0.1.
The watchOS 10.0.1 bugs also included the risk of a local attacker being able to elevate their privileges and a malicious app possibly bypassing signature validation.
The bugs were found by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
Last week, Apple hosted its “Wanderlust” product launch event and unveiled the new smartphone lineup – the iPhone 15, the iPhone 15 Plus and the iPhone 15 Pro and Pro Max. Reveals also included the Apple Watch Series 9, Apple Watch Ultra 2 and updates for the Apple Vision Pro.