top | item 37561673

(no title)

I'm not sure what you mean - the last security update fixed massive 0-day which was an arbitrary code execution caused by the image decoder. CVE-2023-41064

AFAIK every app that uses the ImageI/O api is effected by it, which includes every app you mentioned. You often don't need to even open the message for the image to be decoded.

From my understanding most vulnerabilities are from either the image decoder, text decoder, or webkit which again, effects nearly all apps. All apps can only use the webkit view, which affects nearly all of them to some degree.

I think you might be confusing the attack vector - messages is the easiest to attack since you just sent a regular text. Even if you don't normally use messages, it'll parse the image and you'll be hit by the 0 day. In theory this will work with most messaging apps.

discuss

mikepurvis|2 years ago

I was referring to the opposite side of things— not the security patches but the actual new features of iOS 17. Rather than being OS-level capabilities that feel like they would impact the whole ecosystem, they're more like app features, and a lot of the app features don't apply to me as I use alternatives to those specific apps.