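Apple begins providing "iOS 17.7" and "iPadOS 17.7" with fixes for important vulnerabilities! For those not moving to iOS or iPadOS 18 right away. Covers iPhone XS and later, among other devices
Apple releases iOS 17.7 and iPadOS 17.7 for iPhone, iPad and other devices!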
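On the 16th (local time), Apple announced that it has begun providing "iOS 17.7 (20H16)" and "iPadOS 17.7 (20H16)", the latest releases of the previous versions "iOS 17" and "iPadOS 17" of its "iOS" platform for iPhone and iPod touch and its "iPadOS" platform for iPad.
The changes are described as including important security updates: 16 vulnerabilities registered as CVEs have been fixed, among them "CVE-2024-44165" and "CVE-2024-44191" in Kernel, "CVE-2023-41991" in Security, "CVE-2024-44171" in Accessibility, and "CVE-2024-27876" in Compression, and the company explains that it is aware of reports that some of the vulnerabilities may have been exploited.
In addition, as already covered, the official releases of the latest iOS and iPadOS versions, "iOS 18.0" and "iPadOS 18.0", are now available, along with "watchOS 11.0" and "watchOS 10.6.1" for the "Apple Watch" smartwatch, "macOS Sequoia 15", "macOS Sonoma 14.7" and "macOS Ventura 13.7" for "Mac" computers, "tvOS 18" for the "Apple TV" set-top box, and "visionOS 2" for the "Apple Vision Pro" smart headset.
Since iOS 15 and iPadOS 15, released in 2021, Apple has offered the option of staying on the existing version for a certain period instead of updating to the next major version. The official releases of iOS 18 and iPadOS 18 began rolling out this year as well, and for users who will keep using iOS 17 or iPadOS 17 for a while, Apple has begun providing iOS 17.7 and iPadOS 17.7, which contain security fixes only.
On devices supported by iOS 17 or iPadOS 17, opening "Settings" → "About" → "Software Update" shows "Upgrade to iOS 18" or "Upgrade to iPadOS 18" under "Also Available" at the bottom of the screen, and the device can be updated to iOS 18 or iPadOS 18 from there. If you do not choose to upgrade to iOS 18 or iPadOS 18, tapping "Download and Install" on the iOS 17.7 or iPadOS 17.7 update screen updates the device to iOS 17.7 or iPadOS 17.7.
Judging from Apple's past practice, security fixes for iOS 17 and iPadOS 17 are expected to continue for some time. The download size when updating on its own was 643.8MB on my iPhone 15 Pro Max coming from iOS 17.6.1. As before, the update can also be performed by connecting with a USB-Lightning cable to a Windows PC or Mac with iTunes installed. The update details and security fixes published by Apple are as follows.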
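iOS 17.7
This update provides important security fixes and is recommended for all users.
For information on the security content of Apple software updates, please visit this website: https://support.apple.com/HT201222
iPadOS 17.7
This update provides important security fixes and is recommended for all users.
For information on the security content of Apple software updates, please visit this website: https://support.apple.com/ja-jp/HT201222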
iOS 17.7 and iPadOS 17.7
Released September 16, 2024
- Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features
Description: This issue was addressed through improved state management.
CVE-2024-44171: Jake Derouin
- Compression
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files
Description: A race condition was addressed with improved locking.
CVE-2024-27876: Snoolie Keffaber (@0xilis)
- Game Center
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: A file access issue was addressed with improved input validation.
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)
- ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2024-27880: Junsung Lee
- ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to a denial-of-service
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative, an anonymous researcher
- IOSurfaceAccelerator
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44169: Antonio Zekić
- Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Network traffic may leak outside a VPN tunnel
Description: A logic issue was addressed with improved checks.
CVE-2024-44165: Andrew Lytvynov
- Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may gain unauthorized access to Bluetooth
Description: This issue was addressed through improved state management.
CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef
- Mail Accounts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access information about a user's contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)
- mDNSResponder
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause a denial-of-service
Description: A logic error was addressed with improved error handling.
CVE-2024-44183: Olivier Levon
- Safari Private Browsing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.
CVE-2024-44127: Anamika Adhikari
- Shortcuts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A shortcut may output sensitive user data without consent
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-44158: Kirin (@Pwnrin)
- Shortcuts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to observe data displayed to the user by Shortcuts
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea
- Sync Services
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2024-44164: Mickey Jin (@patch1t)
- Transparency
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)
- UIKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to cause unexpected app termination
Description: The issue was addressed with improved bounds checks.
CVE-2024-27879: Justin Cohen
Article by: memn0ck