iOS 17.3 fixes 15 serious security bugs on iPhone

Apple has officially released iOS 17.3 for the iPhone, an update loaded with improvements such as new protection against theft of the iPhone or collaborative Apple Music lists, but it is an update that includes well more. The company reported that iOS 17.3 also fixes up to 15 serious security bugs which had been found on iOS.

This means that iOS 17.3 is not only a recommended update for its new features, It is also for all the errors that it resolves. We therefore recommend that you enter Settings > General > Software Update and Download iOS 17.3 as soon as possible on your iPhone. These bugs are also fixed in iPadOS 17.3 and macOS 14.3, which were also released yesterday and which you need to install.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until an investigation has taken place and patches or releases are generally available.

iOS 17.3 fixes important bugs

The 15 security errors fixed by iOS 17.3

Apple has updated its security page revealing all security vulnerabilities fixed in iOS 17.3. There were bugs that allowed third-party applications to access confidential user data, so we are facing significant vulnerabilities.

Here are the bugs fixed in iOS 17.3:

Apple motor neuron

• Available for devices with Apple Neural Engine: iPhone later and iPad mini 5th generation and later
• Impact: An application may be able to execute arbitrary code with kernel privileges
• Description: The issue has been resolved with better memory management.
• CVE-2024-23212: Baidu Ye Zhang Security

CoreCrypto

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: An attacker may be able to decrypt old RSA PKCS#1 v1.5 ciphertexts without having the private key.
• Description: Fixed a time-side channel issue with improvements to constant-time calculation in cryptographic functions.
• CVE-2024-23218: Clémens Lang

Core

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: An application may be able to execute arbitrary code with kernel privileges
• Description: The issue has been resolved with better memory management.
• CVE-2024-23208: fmyy (@binary_fmyy) and file from the Legendsec TIANGONG team of the QI-ANXIN group

Search by mail

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: An application may be able to access sensitive user data
• Description: This issue was resolved by better wording of sensitive information.
• CVE-2024-23207: Noah Roskin-Frazee and his professor J. (ZeroClicks.ai Lab), and Ian de Marcellus

NSSpellChecker

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: An application may be able to access sensitive user data
• Description: Fixed a privacy issue with better file handling.
• CVE-2024-23223: Noah Roskin-Frazee and Professor J. (ZeroClicks.ai Lab)

Catering services

• Available for: iPhone XS and later
• Impact: Stolen device protection may be disabled unexpectedly
• Description: The issue has been resolved with improved authentication.
• CVE-2024-23219: Peter Watthey and Christian Scalese

Safari

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: A user’s private browsing activity may be visible in Settings
• Description: Fixed a privacy issue with better management of user preferences.
• CVE-2024-23211: Mark Bowers

Shortcuts

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
• Description: The issue was resolved with additional permission checks.
• CVE-2024-23203: An anonymous researcher
• CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: An application may be able to bypass certain privacy preferences
• Description: Fixed a privacy issue with better handling of temporary files.
• CVE-2024-23217: Done (@Pwnrin)

CTC

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: An application may be able to access sensitive user data
• Description: Fixed an issue with better handling of temporary files.
• CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time zone

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: An application may be able to display a user’s phone number in system logs
• Description: This issue was resolved by better wording of sensitive information.
• CVE-2024-23210: Noah Roskin-Frazee and Professor J. (ZeroClicks.ai Lab)

Webkit

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: A maliciously crafted web page may be able to fingerprint the user.
• Description: Fixed an access issue with improved access restrictions.
• WebKit bug: 262699
• CVE-2024-23206: An anonymous researcher

Webkit

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: Processing web content may lead to arbitrary code execution
• Description: The issue has been resolved with better memory management.
• WebKit bug: 266619
• CVE-2024-23213: Information about Wangtaiyu of Zhongfu

Webkit

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: Processing malicious web content can lead to arbitrary code execution
• Description: Fixed several memory corruption issues with better memory management.
• WebKit bug: 265129
• CVE-2024-23214: Nan Wang (@eternalsakura13) of 360 ​​Vulnerability Research Institute

Webkit

• Available for: iPhone, iPad 6th generation and later, and iPad mini 5th generation and later
• Impact: Processing malicious web content can lead to arbitrary code execution. Apple is aware of a report indicating that this issue may have been exploited.
• Description: Fixed type confusion issue with improved checks.
• WebKit bug: 267134
• CVE-2024-23222