<!DOCTYPE html> <html lang="en" prefix="og: http://ogp.me/ns#" dir="ltr"> <head> <meta http-equiv="expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <link rel="dns-prefetch" href="https://www.apple.com/" /> <link rel="preconnect" href="https://www.apple.com/" crossorigin /> <title lang="en">About the security content of iOS&nbsp;17.7.2 and iPadOS 17.7.2 - Apple Support</title> <meta name="description" content="This document describes the security content of iOS 17.7.2 and iPadOS 17.7.2." /> <link rel="canonical" href="https://support.apple.com/en-mide/121754" /> <meta property="og:url" content="https://support.apple.com/en-mide/121754" /> <meta property="og:title" content="About the security content of iOS&amp;nbsp;17.7.2 and iPadOS 17.7.2 - Apple Support" /> <meta property="og:description" content="This document describes the security content of iOS 17.7.2 and iPadOS 17.7.2." /> <meta property="og:site_name" content="Apple Support" /> <meta property="og:locale" content="en_MIDE" /> <meta property="og:type" content="article" /> <link rel="icon" href="/favicon.ico"> <link rel="apple-touch-icon" href="/favicon.ico"> <style> .viewport-content{margin-left:auto;margin-right:auto;width:980px}.viewport-content{margin-left:auto;margin-right:auto;width:692px}.viewport-content{margin-left:auto;margin-right:auto;width:87.5%}.viewport-content{margin-left:auto;margin-right:auto;width:980px}.viewport-content{margin-left:auto;margin-right:auto;width:692px}.viewport-content{margin-left:auto;margin-right:auto;width:87.5%}.subheader{font-size:21px;line-height:1.381;font-weight:400;letter-spacing:.011em;font-family:SF Pro Display,SF Pro Icons,Helvetica Neue,Helvetica,Arial,sans-serif}.subheader{font-size:19px;line-height:1.4211;font-weight:400;letter-spacing:.012em;font-family:SF Pro Display,SF Pro Icons,Helvetica Neue,Helvetica,Arial,sans-serif}.globalnav-placeholder{height:44px}.globalnav-placeholder{height:48px}.globalnav-curtain{background:rgba(232,232,237,.4);-webkit-backdrop-filter:blur(20px);backdrop-filter:blur(20px);visibility:hidden;position:fixed;opacity:0;top:0;right:0;bottom:0;left:0;width:100%;height:100%;z-index:9998;transition:opacity .32s cubic-bezier(.4,0,.6,1) 80ms,visibility .32s step-end 80ms}.globalheader-light .globalnav-curtain{background:rgba(232,232,237,.4)}.globalnav-link-text-container{display:flex}.globalnav-link svg{transform:translateZ(0)}.globalnav-submenu-trigger-item{list-style:none}.globalnav-bag-badge{--globalnav-badge-background:rgb(0, 0, 0);--globalnav-badge-text-color:rgb(255, 255, 255);top:auto;bottom:11px;display:inline-block;position:absolute;z-index:1;width:1.3em;height:1.3em;box-sizing:border-box;float:none;color:var(--globalnav-badge-text-color);font-size:10px;letter-spacing:-.008em;line-height:1.3;text-align:center;pointer-events:none}.globalnav-bag-badge{bottom:13px}.globalnav-bag-badge-separator{background:var(--globalnav-badge-background);width:1em;height:100%;position:absolute;top:0;transform:scaleX(0);transition:transform .3s cubic-bezier(.25,.1,.3,1)}.globalnav-bag-badge-number{display:block;position:relative;z-index:2;font-family:SF Pro Text,SF Pro Icons,Helvetica Neue,Helvetica,Arial,sans-serif;letter-spacing:inherit;transition:transform .3s cubic-bezier(.25,.1,.3,1)}.globalnav-bag-badge-unit{opacity:0;display:inline-block;position:absolute;top:0;z-index:2;font-family:SF Pro Text,SF Pro Icons,Helvetica Neue,Helvetica,Arial,sans-serif;font-feature-settings:"case";transition:opacity .1s cubic-bezier(.25,.1,.3,1)}.globalnav-bag-wrapper{position:relative}.globalnav-image-compact,.globalnav-link-bag svg{pointer-events:none}.viewport-content{margin-inline-start:auto;margin-inline-end:auto;width:980px}.viewport-content{margin-inline-start:auto;margin-inline-end:auto;width:692px}.viewport-content{margin-inline-start:auto;margin-inline-end:auto;width:87.5%} </style> <link rel="preload" as="style" href="/clientside/build/app-ac.css" onload="this.onload=null;this.rel='stylesheet'"> <noscript> <link rel="stylesheet" href="/clientside/build/app-ac.css" type="text/css" /> </noscript> <link rel="preload" as="style" href="/clientside/build/gb_ltr_rtl_common.css" onload="this.onload=null;this.rel='stylesheet'"> <noscript> <link rel="stylesheet" href="/clientside/build/gb_ltr_rtl_common.css" type="text/css" /> </noscript> <link rel="preload" as="style" href="//www.apple.com/wss/fonts?families=SF+Pro,v1:200,300,400,500,600|SF+Pro+Icons,v1" onload="this.onload=null;this.rel='stylesheet'"> <noscript> <link rel="stylesheet" href="//www.apple.com/wss/fonts?families=SF+Pro,v1:200,300,400,500,600|SF+Pro+Icons,v1" type="text/css" /> </noscript> <script> var data = { showHelpFulfeedBack: true, isPreview : false, showPricingTool: false, podCookie: "mide~en", dtmPageName: "acs.pageload", locale: "en_US", id: "121754", contentType: "RC", domain: "support.apple.com", isNeighborJsEnabled: true, showPricingServiceTypeDropdown: false, showPricingProductDropdown:true, showPricingModelDropdown:false, urlLocale: "en-mide", pricingProductId:"", pricingServiceItemId:"", supportCategory: "", showRecommendation : false, configApiURL : "https://support.apple.com/ols/api/config", isSecureEnv : "", contentDropdownSelectedOption: "", isOberonContent: false, enableAskAppleChat: false, akamaiEdgeScapeURL: "https://support.apple.com/edge-sight" } //for launch - video tracking window.appState = JSON.stringify(data); </script> <!-- Below CSS is to disable videos click and hide play button on page load --> <style> .videoComponentContainer > a.videoComponent{ pointer-events: none; } .videoComponentContainer > a.videoComponent .thumbnail-button{ display: none; } </style> <script> var _applemd = { page: { site_section: "kb", content_type: "RC", info_type: "", topics: "", in_house: "", locale: "en-mide", friendly_content: { title: `About the security content of iOS&amp;nbsp;17.7.2 and iPadOS 17.7.2`, publish_date: "11192024", content_id: "121754", status: "unarchieved", version: "1.0.0.0" }, testandtarget:{ throttle:"0.0" }, }, product: { list: [] } , }; const isMobilePlayer = /iPhone|iPod|Android/i.test(navigator.userAgent); </script> <script src="/clientside/build/nn.js" type="text/javascript" charset="utf-8"></script> <script> var neighborInitData = { appDataSchemaVersion: '2.0.0', webVitalDataThrottlingPercentage: 100, reportThrottledWebVitalDataTypes: ['system:dom-content-loaded', 'system:load', 'system:unfocus', 'system:focus', 'system:unload', 'system:page-hide', 'system:visibility-change-visible', 'system:visibility-change-hidden', 'system:event', 'app:load', 'app:unload', 'app:event'], trackMarcomSearch: true, trackSurvey: true, endpoint: 'https://supportmetrics.apple.com/content/services/stats' } </script> <noscript> <style> .videoComponentContainer > a.videoComponent{ pointer-events: unset; } .videoComponentContainer > a.videoComponent .thumbnail-button{ display: unset; } </style> </noscript> </head> <body class="ac-gn-current-support no-js "> <link rel="stylesheet" type="text/css" href="https://www.apple.com/api-www/global-elements/global-header/v1/assets/globalheader.css" /> <div id="globalheader" class="globalnav-scrim globalheader-light"> <nav id="globalnav" lang="en_002" dir="ltr" aria-label="Global" data-analytics-element-engagement-start="globalnav:onFlyoutOpen" data-analytics-element-engagement-end="globalnav:onFlyoutClose" data-store-api="https://www.apple.com/[storefront]/shop/bag/status" data-analytics-activitymap-region-id="global nav" data-analytics-region="global nav" class="globalnav no-js" > <div class="globalnav-content"> <ul id="globalnav-list" class="globalnav-list" aria-labelledby="globalnav-menutrigger-button" > <li data-analytics-element-engagement="globalnav hover - apple" class="globalnav-item globalnav-item-apple" > <a href="https://www.apple.com/" data-globalnav-item-name="apple" data-analytics-title="apple home" aria-label="Apple" class="globalnav-link globalnav-link-apple" > <span class="globalnav-image-regular globalnav-link-image"> <svg height="44" viewBox="0 0 14 44" width="14" xmlns="http://www.w3.org/2000/svg" > <path d="m13.0729 17.6825a3.61 3.61 0 0 0 -1.7248 3.0365 3.5132 3.5132 0 0 0 2.1379 3.2223 8.394 8.394 0 0 1 -1.0948 2.2618c-.6816.9812-1.3943 1.9623-2.4787 1.9623s-1.3633-.63-2.613-.63c-1.2187 0-1.6525.6507-2.644.6507s-1.6834-.9089-2.4787-2.0243a9.7842 9.7842 0 0 1 -1.6628-5.2776c0-3.0984 2.014-4.7405 3.9969-4.7405 1.0535 0 1.9314.6919 2.5924.6919.63 0 1.6112-.7333 2.8092-.7333a3.7579 3.7579 0 0 1 3.1604 1.5802zm-3.7284-2.8918a3.5615 3.5615 0 0 0 .8469-2.22 1.5353 1.5353 0 0 0 -.031-.32 3.5686 3.5686 0 0 0 -2.3445 1.2084 3.4629 3.4629 0 0 0 -.8779 2.1585 1.419 1.419 0 0 0 .031.2892 1.19 1.19 0 0 0 .2169.0207 3.0935 3.0935 0 0 0 2.1586-1.1368z" ></path> </svg> </span> <span class="globalnav-image-compact globalnav-link-image"> <svg height="48" viewBox="0 0 17 48" width="17" xmlns="http://www.w3.org/2000/svg" > <path d="m15.5752 19.0792a4.2055 4.2055 0 0 0 -2.01 3.5376 4.0931 4.0931 0 0 0 2.4908 3.7542 9.7779 9.7779 0 0 1 -1.2755 2.6351c-.7941 1.1431-1.6244 2.2862-2.8878 2.2862s-1.5883-.734-3.0443-.734c-1.42 0-1.9252.7581-3.08.7581s-1.9611-1.0589-2.8876-2.3584a11.3987 11.3987 0 0 1 -1.9373-6.1487c0-3.61 2.3464-5.523 4.6566-5.523 1.2274 0 2.25.8062 3.02.8062.734 0 1.8771-.8543 3.2729-.8543a4.3778 4.3778 0 0 1 3.6822 1.841zm-6.8586-2.0456a1.3865 1.3865 0 0 1 -.2527-.024 1.6557 1.6557 0 0 1 -.0361-.337 4.0341 4.0341 0 0 1 1.0228-2.5148 4.1571 4.1571 0 0 1 2.7314-1.4078 1.7815 1.7815 0 0 1 .0361.373 4.1487 4.1487 0 0 1 -.9867 2.587 3.6039 3.6039 0 0 1 -2.5148 1.3236z" ></path> </svg> </span> <span class="globalnav-link-text"> Apple </span> </a> </li> </ul> </div> </nav> <div id="globalnav-curtain" class="globalnav-curtain"></div> <div id="globalnav-placeholder" class="globalnav-placeholder"></div> </div> <script type="text/javascript" src="https://www.apple.com/api-www/global-elements/global-header/v1/assets/globalheader.umd.js" ></script> <div id="app"> <div class="main section viewport-content" role="main" id="content"> <div id="sections" class=> <h1 class="gb-header">About the security content of iOS&nbsp;17.7.2 and iPadOS 17.7.2</h1> <p class="subheader gb-subheader">This document describes the security content of iOS 17.7.2 and iPadOS 17.7.2.</p> <h2 class="gb-header">About Apple security updates</h2> <p class="gb-paragraph">For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the <a href="/en-mide/100100" class="gb-anchor">Apple security releases</a> page.</p> <p class="gb-paragraph">Apple security documents reference vulnerabilities by <a href="https://www.cve.org/About/Overview" class="gb-anchor">CVE-ID</a> when possible.</p> <p class="gb-paragraph">For more information about security, see the <a href="/en-mide/100100" class="gb-anchor">Apple Product Security</a> page.</p> <h2 class="gb-header">iOS 17.7.2 and iPadOS 17.7.2</h2> <div class="note gb-note"><p class="gb-paragraph">Released November 19, 2024</p></div> <h3 class="gb-header">JavaScriptCore</h3> <p class="gb-paragraph">Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later</p> <p class="gb-paragraph">Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.</p> <p class="gb-paragraph">Description: The issue was addressed with improved checks.</p> <div class="note gb-note"><p class="gb-paragraph">WebKit Bugzilla: 283063</p></div> <p class="gb-paragraph">CVE-2024-44308: Cl&eacute;ment Lecigne and Beno&icirc;t Sevens of Google's Threat Analysis Group</p> <h3 class="gb-header">WebKit</h3> <p class="gb-paragraph">Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later</p> <p class="gb-paragraph">Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.</p> <p class="gb-paragraph">Description: A cookie management issue was addressed with improved state management.</p> <div class="note gb-note"><p class="gb-paragraph">WebKit Bugzilla: 283095</p></div> <p class="gb-paragraph">CVE-2024-44309: Cl&eacute;ment Lecigne and Beno&icirc;t Sevens of Google's Threat Analysis Group</p> <div id="disclaimer"> <div class="sosumi"><p class="gb-paragraph">Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. <a href="https://support.apple.com/103190" class="gb-anchor">Contact the vendor</a> for additional information.</p></div> </div> <div class='mod-date'> <span>Published Date:</span>&nbsp;<time dateTime=November 19, 2024itemprop='datePublished'>November 19, 2024</time> </div> </div> </div> <div id='helpful-rating-wrapper'> <div id='helpful' class='ratings okapi-enabled'> <div> <fieldset id='question-state' class='show'> <legend class='helpful-heading'> <span id="okapi-a">Helpful?</span> </legend> <div class='helpful-btn-grp'> <button class='button button-reduced button-secondary' id='yes-button' data-ss-analytics-link-component_name='helpful' data-ss-analytics-link-component_type='helpful' data-ss-analytics-link-text='yes' data-ss-analytics-event=acs.link_click title='Solved my problem'> Yes </button> <button class='button button-reduced button-secondary' id='no-button' data-ss-analytics-link-component_name='helpful' data-ss-analytics-link-component_type='helpful' data-ss-analytics-link-text='no' data-ss-analytics-event=acs.link_click title='Not helpful'> No </button> </div> </fieldset> </div> <div id='feedback-state' class="form-element form-textbox-labelbelow hide"> <form autocomplete="off"> <input type='hidden' id='form-counter-error-message' value="Maximum character limit is 250." /> <label id='feedback-label' data-no-label="Thanks for letting us know." data-yes-label="We’re glad this article helped." ></label> <div class='form-element form-textbox-labelbelow' id='feedback'> <div class="textarea-wrapper"> <div> <div class="form-textbox form-textbox-with-counter"> <span class="form-label" id="optional_label" aria-hidden="true"></span> <textarea type="text" class="form-textbox-textarea form-counter-textarea form-text-area form-textbox-input" data-max-length='250' aria-labelledby="optional_label" aria-describedby="char_limit_counter" data-no-placeholder="How can we make this article more helpful? (Optional)" data-yes-placeholder="Anything else you’d like us to know? (Optional)" ></textarea> <div id="char_limit_counter" class="form-textbox-counter-wrapper form-textbox-counter"> <span class="visuallyhidden" id="char-limit-message">Character limit:</span> <span class="form-counter form-textbox-counter">250</span> </div> <div class="form-textbox-aria-live visuallyhidden" aria-live="polite"></div> </div> </div> </div> <div class='form-message-wrapper'> <span class='form-message'>Maximum character limit is 250.</span> </div> <label class='dont-include-label' htmlFor='feedback-note'>Please don’t include any personal information in your comment.</label> <button type='submit' class='button button-secondary' id="submit-feedback" data-ss-analytics-link-component_type='helpful' data-ss-analytics-link-text='submit'> Submit </button> </div> </form> </div> <div id='rating-done' class="hide"> Thanks for your feedback. </div> <div id='results-helpful' class='show'> </div> </div> </div> </div> <div class="footer-wrapper"> <footer id="ac-globalfooter" lang="en-mide" dir="ltr" class="js no-touch svg no-ie7 no-ie8 footer-global" data-analytics-region="global footer" role="contentinfo" aria-labelledby="ac-gf-label"> <div class="ac-gf-content"> <h2 class="ac-gf-label" id="ac-gf-label">Apple Footer</h2> <nav class="ac-gf-breadcrumbs" aria-label="Breadcrumbs" role="navigation"> <a href="https://www.apple.com" class="home ac-gf-breadcrumbs-home"> <span class="ac-gf-breadcrumbs-home-icon" aria-hidden="true"></span> <span class="ac-gf-breadcrumbs-home-label">Apple</span> <span class="ac-gf-breadcrumbs-home-chevron"></span> <span class="ac-gf-breadcrumbs-home-mask"></span> </a> <div class="ac-gf-breadcrumbs-path"> <ol class="ac-gf-breadcrumbs-list" vocab="http://schema.org/" typeof="BreadcrumbList"> <li class="ac-gf-breadcrumbs-item" property="itemListElement" typeof="ListItem"> <span property="name"> <a href="https://support.apple.com/en-mide">Support</a> </span> <meta property="position" content="1" /> </li> <li class="ac-gf-breadcrumbs-item" property="itemListElement" typeof="ListItem"> <span property="name">About the security content of iOS&nbsp;17.7.2 and iPadOS 17.7.2</span> <meta property="position" content="2" /> </li> </ol> </div> </nav> <section class="ac-gf-footer" vocab="https://schema.org/" typeof="Organization"> <div class="ac-gf-footer-shop" x-ms-format-detection="none"></div> <div class="ac-gf-footer-locale"> <a class="ac-gf-footer-locale-link" href="https://support.apple.com/en-mide/121754/localeselector" title="Choose your country or region" aria-label="Middle East. Choose your country or region"> Middle East</a> </div> <div class="ac-gf-footer-legal"> <div class="ac-gf-footer-legal-copyright"> Copyright © 2024 Apple Inc. All rights reserved. </div> <div class="ac-gf-footer-legal-links"> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/legal/">Terms of Use</a> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/legal/privacy/en-ww/">Privacy Policy</a> </div> </div> <meta content="Apple" property="name"> <meta content="1-800-692-7753" property="telephone"> </section><link rel="stylesheet" type="text/css" href="https://www.apple.com/ac/globalfooter/3/en_US/styles/ac-globalfooter.built.css"> <script type="text/javascript" src="https://www.apple.com/ac/globalfooter/3/en_WW/scripts/ac-globalfooter.built.js"></script> </div> </footer> </div> <script src="/clientside/build/app-ac-route.js" type="text/javascript" charset="utf-8"></script> <script src="/clientside/build/app-launch-route.js" type="text/javascript" charset="utf-8"></script> <script src="/clientside/build/FujiStitchPath.js" type="text/javascript" charset="utf-8"></script> <script src="/clientside/build/launch.js" type="text/javascript" charset="utf-8"></script> <script src="/etc/designs/support/publish/JS/pattern/accsoffer.js" type="text/javascript" charset="utf-8"></script> <div id="apd-aria-live-region" aria-live="polite" role="status" class="a11y"></div> </body> </html>