On 2 December 2017, Apple released security updates in its latest iOS version, 11.2, to fix 14 vulnerabilities identified in various iOS devices. The vulnerabilities could be exploited through multiple attack vectors, such as enticing a user to open a maliciously crafted application or email, or launching an attack from a privileged network position or a man-in-the-middle attack on the WPA2-encrypted Wi-Fi network to which the vulnerable iOS devices are connected.
A successful attack could lead to arbitrary code execution, privilege escalation or information disclosure.
The product vendor has released iOS 11.2 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/zh-hk/HT208334
https://www.hkcert.org/my_url/en/alert/17120702
https://www.us-cert.gov/ncas/current-activity/2017/12/06/Apple-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13833
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13847
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13855
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13860 (to CVE-2017-13862)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13865
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13867 (to CVE-2017-13869)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13874
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13876
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13879