Apple today provided details about the security fixes included in last week's iOS 17.4.1 and iPadOS 17.4.1 software updates for the iPhone and iPad.
In a support document, Apple said the updates patch an image-related security vulnerability that "may lead to arbitrary code execution."
The full details:
CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
WebRTC
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
To update your iPhone or iPad, open the Settings app and tap General → Software Update.
Apple said it has patched the same vulnerability in macOS 14.4.1 and visionOS 1.1.1 as well.
