When Apple released iOS 17.4.1 last week, it only provided the vaguest of descriptions, saying the update contains “important bug fixes and security updates and is recommended for all users.” Even the security update page, which provides details on which flaws were patched, was conspicuously blank.
On Monday, however, we found out why. Apple released macOS Sonoma 14.4.1, which contains several important bug fixes for nagging issues affecting Mac users, and published the CVE (Common Vulnerabilities and Exposures) entries for a pair of critical issues. Apple also updated the iOS 17.4.1 page with the same patches, as well as visionOS 1.1.1 and macOS Ventura 13.6.6. Here is how Apple describes them:
CoreMedia
- Impact: Processing an image may lead to arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved input validation.
- CVE-2024-1580: Nick Galloway of Google Project Zero
WebRTC
- Impact: Processing an image may lead to arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved input validation.
- CVE-2024-1580: Nick Galloway of Google Project Zero
Additionally, the Safari 17.4.1 update includes the WebRTC fix but not the CoreMedia one. Apple didn’t say it was aware of the flaw being exploited in the wild, so it’s important to patch it before hackers have a chance to take advantage of it.
To update your iPhone, head over to Settings, then General and Software Update, select Update Now, and follow the prompts. Apple is expected to release the first iOS 17.5 beta soon, possibly as early as this week.