Does someone understand the #0day fixed in iOS 17.0.1, or do we need to wait for #Google to publish a writeup? Google says it's a "PAC issue"[1], but the #Apple article says "A certificate validation issue was addressed".

A PAC bypass can't be certificate related, unless I'm really missing something.

[1] https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/
[2] https://support.apple.com/en-us/HT213926