Published on: 01 November 2017
On 31 October 2017, Apple released security updates in its latest iOS version 11.1 to fix 20 vulnerabilities identified in various iOS devices. Multiple attack vectors could be adopted to exploit the vulnerabilities, such as enticing a user to open a maliciously crafted text or zip file, or access a malicious website; bypassing the device lock screen to access user information with specific local operations on the device; and launching a man-in-the-middle attack at the WPA2-encrypted Wi-Fi network connected with the vulnerable iOS devices.
A successful attack could lead to arbitrary code execution, privilege escalation, denial of service, retrieval of sensitive information, unexpected application termination or data manipulation.
The product vendor has released iOS 11.1 to address the issues. Users should upgrade iOS to version 11.1 to patch the WPA2 protocol vulnerability as mentioned in our previous security alert (A17-10-04).
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
This link will open in a new windowhttps://support.apple.com/en-us/HT208222
This link will open in a new windowhttps://www.hkcert.org/my_url/en/alert/17110101
This link will open in a new windowhttps://www.us-cert.gov/ncas/current-activity/2017/10/31/Apple-Releases-Multiple-Security-Updates
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7113
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13783
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13784
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13785
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13791 (to CVE-2017-13796)
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13799
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13802 (to CVE-2017-13805)
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13844
This link will open in a new windowhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13849
