 |
| AppleがiPhoneやiPadなど向けiOS 17.7.1とiPadOS 17.7.1をリリース! |
Appleは28日(現地時間)、iPhoneおよびiPod touch向けプラットフォーム「iOS」とiPad向けプラットフォーム「iPadOS」において前バージョン「iOS 17」や「iPadOS 17」の最新版「iOS 17.7.1(21H216)」および「iPadOS 17.7.1(21H216)」を提供開始したとお知らせしています。
対象機種はiOS 17やiPadOS 17の対応機種でiPhone XSシリーズやiPhone XR以降やiPhone SE(第2世代)以降、iPadOS 17はiPad(第6世代以降)およびiPad mini(第5世代以降)、iPad Air(第3世代以降)、12.9インチiPad Pro(第2世代以降)、10.5インチiPad Pro、11インチiPad Pro(第1世代以降)の各製品にて無料で更新可能となっており、次の最新バージョン「iOS 18」や「iPadOS 18」も提供開始されているため、iOS 18やiPadOS 18の対象機種はiOS 18やiPadOS 18またはiOS 17.7.1やiPadOS 17.7.1を選んで更新できます。
変更点は重要なセキュリティーアップデートが含まれているとしており、Kernelに関する「CVE-2024-44239」やShortcutsに関する「CVE-2024-44269」、Accessibilityに関する「CVE-2024-44274」、ImageIOに関する「CVE-2024-44215」および「CVE-2024-44297」などといったCVEに登録されている17個の脆弱性が修正されており、同社ではいくつかの脆弱性が悪用された可能性があるという報告を認識していると説明しています。
その他、すでに紹介しているようにiOSおよびiPadOSの最新バージョン「iOS 18.1」および「iPadOS 18.1」がリリースされているほか、スマートウォッチ「Apple Watch」向け「watchOS 11.1」、パソコン「Mac」向け「macOS Sequoia 15.1」、スマートテレビ「Apple TV」向け「tvOS 18.1」、スマートヘッドセット「Apple Vision Pro」向け「visionOS 2.1」なども配信開始しています。
Appleでは2021年に提供開始したiOS 15およびiPadOS 15から一定期間は次の最新バージョンに更新せずに既存のバージョンに留まる機能を提供しており、今年も最新のiOS 18やiPadOS 18の正式版が配信開始されましたが、引き続いてしばらくiOS 17やiPadOS 17で使う場合を対象にセキュリティー修正のみを行ったソフトウェア更新を提供しており、今回は前回のiOS 17.7およびiPadOS 17.7に続いてiOS 17.7.1およびiPadOS 17.7.1が提供開始されました。
iOS 17やiPadOS 17の対象機種の場合には「設定」→「情報」→「ソフトウェア・アップデート」を表示すると、画面の下部に「その他の利用可能なアップデート」として「iOS 18にアップグレード」または「iPadOS 18にアップグレード」が表示されるのでそこからiOS 18やiPadOS 18に更新できるほか、iOS 18やiPadOS 18にアップグレードを選ばない場合にはiOS 17.7.1やiPadOS 17.7.1の更新画面で「ダウンロードしてインストール」を押せばiOS 17.7.1やiPadOS 17.7.1に更新されます。
なお、これまでのAppleの動きからするとしばらくはiOS 17やiPadOS 17へのセキュリティー修正が継続して提供されると思われます。なお、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 13 Pro MaxでiOS 17.4.1からの場合では1.22GBとなっています。更新は従来通りにiTunesをインストールしたWindowsおよびMacとUSB-Lightningケーブルで接続しても実施できます。Appleが案内しているアップデートの内容およびセキュリティー修正は以下の通り。
iOS 17.7.1
このアップデートには重要なセキュリティ修正が含まれ、すべてのユーザに推奨されます。
Appleソフトウェアアップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/100100
iPadOS 17.7.1
このアップデートには重要なセキュリティ修正が含まれ、すべてのユーザに推奨されます。
Appleソフトウェアアップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/100100
About the security content of iOS 17.7.1 and iPadOS 17.7.1
Released October 28, 2024
- Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: The issue was addressed with improved authentication.
CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, Jake Derouin
- CoreText
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
- Foundation
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
- ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may result in disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative
- ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted message may lead to a denial-of-service
Description: The issue was addressed with improved bounds checks.
CVE-2024-44297: Jex Amro
- Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to leak sensitive kernel state
Description: An information disclosure issue was addressed with improved private data redaction for log entries.
CVE-2024-44239: Mateusz Krzywicki (@krzywix)
- Managed Configuration
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files
Description: This issue was addressed with improved handling of symlinks.
CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail Amzdak
- MobileBackup
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files
Description: A logic issue was addressed with improved file handling.
CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill (@jjtech@infosec.exchange)
- Safari
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Maliciously crafted web content may violate iframe sandboxing policy
Description: A custom URL scheme handling issue was addressed with improved input validation.
CVE-2024-44155: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)
- Safari Downloads
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to misuse a trust relationship to download malicious content
Description: This issue was addressed through improved state management.
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)
- SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: A buffer overflow was addressed with improved size validation.
CVE-2024-44144: 냥냥
- SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
- Shortcuts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may use shortcuts to access restricted files
Description: A logic issue was addressed with improved checks.
CVE-2024-44269: an anonymous researcher
- Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A sandboxed app may be able to access sensitive user data in system logs
Description: An information disclosure issue was addressed with improved private data redaction for log entries.
CVE-2024-44278: Kirin (@Pwnrin)
- VoiceOver
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to view restricted content from the lock screen
Description: This issue was addressed by restricting options offered on a locked device.
CVE-2024-44261: Braylon (@softwarescool)
- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278765
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)
記事執筆:memn0ck
■関連リンク
・エスマックス(S-MAX)
・エスマックス(S-MAX) smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 17 関連記事一覧 - S-MAX
・iPadOS 17 関連記事一覧 - S-MAX
・iOS 17 のアップデートについて - Apple サポート (日本)
・iPadOS 17 のアップデートについて - Apple サポート (日本)
・iOS 17.7.1 および iPadOS 17.7.1 のセキュリティコンテンツについて - Apple サポート (日本)
・Apple セキュリティアップデート - Apple サポート
記事一覧
記事一覧
