Apple released iOS 17.4.1 and iPadOS 17.4.1 software updates for the iPhone and iPad last week, and today released details about the security fixes that were included in the updates.
In a support document, Apple noted that the updates fix an image-related security vulnerability that “may lead to arbitrary code execution.”
The full security fix details:
CoreMedia
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
WebRTC
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-1580: Nick Galloway of Google Project Zero
The updates can be downloaded and installed on compatible iPhones and iPads over-the-air by going to “Settings” -> “General” -> “Software Update.”
Apple says the same vulnerability was also patched in macOS 14.4.1 (released today) and visionOS 1.1.1 (released last week, alongside iOS 17.4.1).
