Here’s why Apple released iOS 17.4.1 last week

When Apple released iOS 17.4.1 last week, it provided only the vaguest descriptions, saying the update contains “important bug fixes and security updates and is recommended for all users.” users”. Even the security update page, which provides details of the fixed vulnerabilities, was noticeably empty.

On Monday, however, we found out why. Apple has released macOS Sonoma 14.4.1, which contains several important bug fixes for persistent issues affecting Mac users, and has released CVE (common vulnerabilities and exposures) entries for two critical issues. Apple also updated the iOS 17.4.1 page with the same fixes, as well as visionOS 1.1.1 and macOS Ventura 13.6.6. Here’s how Apple describes them:

CoreMedia

• Impact: Processing an image can lead to the execution of arbitrary code
• Description: An out-of-bounds write issue has been resolved with improved input validation.
• CVE-2024-1580: Nick Galloway of Google Project Zero

WebRTC

• Impact: Processing an image can lead to the execution of arbitrary code
• Description: An out-of-bounds write issue has been resolved with improved input validation.
• CVE-2024-1580: Nick Galloway of Google Project Zero

Additionally, the Safari 17.4.1 update includes the WebRTC fix but not the CoreMedia one. Apple hasn’t said it’s aware of the flaw seen in the wild, so it’s important to patch it before hackers have a chance to exploit it.

To update your iPhone, go to Settings, then General And Software updateselect Update now, and follow the instructions. Apple is expected to release the first beta version of iOS 17.5 soon, possibly as soon as this week.