An app may be able to cause unexpected system termination & other Fixes
iOSApple
Update from:Security Updates : iOS 17.7 and iPadOS 17.7
Released September 16, 2024
Accessibility
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features
- Description: This issue was addressed through improved state management.
- CVE-2024-44171: Jake Derouin
Compression
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files
- Description: A race condition was addressed with improved locking.
- CVE-2024-27876: Snoolie Keffaber (@0xilis)
Game Center
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may be able to access user-sensitive data
- Description: A file access issue was addressed with improved input validation.
- CVE-2024-40850: Denis Tokarev (@illusionofcha0s)
ImageIO
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: Processing a maliciously crafted file may lead to unexpected app termination
- Description: An out-of-bounds read issue was addressed with improved input validation.
- CVE-2024-27880: Junsung Lee
ImageIO
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: Processing an image may lead to a denial-of-service
- Description: An out-of-bounds access issue was addressed with improved bounds checking.
- CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative, an anonymous researcher
IOSurfaceAccelerator
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may be able to cause unexpected system termination
- Description: The issue was addressed with improved memory handling.
- CVE-2024-44169: Antonio Zek
Kernel
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: Network traffic may leak outside a VPN tunnel
- Description: A logic issue was addressed with improved checks.
- CVE-2024-44165: Andrew Lytvynov
Kernel
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may gain unauthorized access to Bluetooth
- Description: This issue was addressed through improved state management.
- CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef
Mail Accounts
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may be able to access information about a user's contacts
- Description: A privacy issue was addressed with improved private data redaction for log entries.
- CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)
mDNSResponder
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may be able to cause a denial-of-service
- Description: A logic error was addressed with improved error handling.
- CVE-2024-44183: Olivier Levon
Safari Private Browsing
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: Private Browsing tabs may be accessed without authentication
- Description: This issue was addressed through improved state management.
- CVE-2024-44127: Anamika Adhikari
Shortcuts
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: A shortcut may output sensitive user data without consent
- Description: This issue was addressed with improved redaction of sensitive information.
- CVE-2024-44158: Kirin (@Pwnrin)
Shortcuts
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may be able to observe data displayed to the user by Shortcuts
- Description: A privacy issue was addressed with improved handling of temporary files.
- CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea
Sync Services
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may be able to bypass Privacy preferences
- Description: This issue was addressed with improved checks.
- CVE-2024-44164: Mickey Jin (@patch1t)
Transparency
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An app may be able to access user-sensitive data
- Description: A permissions issue was addressed with additional restrictions.
- CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)
UIKit
- Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Impact: An attacker may be able to cause unexpected app termination
- Description: The issue was addressed with improved bounds checks.
- CVE-2024-27879: Justin Cohen
