Posted in

Apple releases iOS and iPadOS 17.0.1, iOS 17.0.2, and iOS 16.7 With Security and Bug Fixes

GeoSn0wby GeoSn0w0
Apple releases iOS and iPadOS 17.0.1, iOS 17.0.2 and iOS 16.7 With Security and Bug Fixes
Apple releases iOS and iPadOS 17.0.1, iOS 17.0.2 and iOS 16.7 With Security and Bug Fixes

Today Apple released two new iOS updates, the iOS 17.0.1 with build number 21A340 and the iOS 17.0.2 update with build number 21A350.

The iOS 17.0.1 update is available for all supported iOS 17 devices except for iPhone 15. For the iPhone 15 models, iOS 17.0.2 is now available. You cannot install iOS 17.0.2 on devices older than iPhone 15.



iOS 17.0.1 and iOS 17.0.2 changelog

The changelog for both iOS 17.0.1 and iOS 17.0.2 contains security patches for 3 major vulnerabilities that appear to have been exploited in the wild:

  • Kernel: CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
  • WebKit: CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
  • Security: CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

The “Security” vulnerability states “A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7“.

It might be possible to implement something like Trollstore using this vulnerability!



iOS 16.7 changelog

The iOS 16.7 update patches the exact same vulnerabilities as iOS 17.0.1 and iOS 17.0.2, however, this update is meant for people who use devices that are not compatible with iOS 17.

Those devices are stuck on iOS 16 so Apple decided to push an iOS 16 build to fix these issues. This goes to show that the vulnerabilities may be a part of a powerful exploit chain used by threat actors.

The changelog of iOS 16.7 mentions “Additional CVE entries coming soon”. This could hint at even more vulnerabilities patched but not yet published.

If you’re interested in securing your device and do not care about jailbreaking, definitely update as soon as possible. For jailbreak enthusiasts, this is pretty good news!

More iDevice Central guides

Share this post
Twitter Facebook Discord Reddit Pinterest Telegram

GeoSn0w is an iOS and Jailbreak enthusiast who has been around for quite some time in the community. He developed his own jailbreaks before and is currently maintaining iSecureOS, one of the first iOS Anti-Malware tools for jailbroken devices. He also runs the iDevice Central on YouTube with over 149.000 Subscribers!

With over a decade of iOS jailbreak experience and several jailbreak tools built by him, GeoSn0w knows the jailbreak scene quite well having been part of several releases over the years.

GeoSn0w is also a programmer focused primarily on iOS App Development and Embedded programming. He codes in Swift, Objective-C and C, but also does PHP on the side.

Leave a Reply