Update Now to Protect Your iPhone or iPad: Critical Security Flaws Patched in iOS & iPadOS 17.4
.jpg "Update Now to Protect Your iPhone or iPad: Critical Security Flaws Patched in iOS & iPadOS 17.4")
Apple released a major update for iPhones and iPads this week, iOS and iPadOS 17.4. It's especially exciting for users in the European Union, who will now be able to download apps from third-party stores and use different web browsers. But even if you're not in the EU, there's plenty to love in this update, including automatic transcripts for Apple Podcasts and 118 new emojis.
More importantly, this update is essential for your device's security. It patches two critical security vulnerabilities that could leave your phone or iPad vulnerable to attack. So, regardless of where you live or what features you're most excited about, be sure to update your device to iOS or iPadOS 17.4 as soon as possible.
Security updates in iOS and iPadOS 17.4
Apple released the iOS and iPadOS 17.4 update, but it took them a while to share the security details. Finally, the company revealed that the update included four patches, two of which addressed minor issues.
One fix addressed an Accessibility flaw that could allow apps to access sensitive location data, and another addressed a Safari issue that might reveal your locked tabs while switching between groups in private browsing.
However, the remaining two vulnerabilities are far more concerning. Both patches addressed flaws in the Kernel (the core of the operating system) and RTKit (responsible for managing time functions). These flaws could potentially allow attackers to bypass security measures and gain control over your device's most critical functions.
These vulnerabilities are particularly concerning because Apple confirmed that they are actively being exploited. This means attackers are aware of these flaws and are already using them to compromise devices. Therefore, it's crucial for all iPhone and iPad users to update to iOS/iPadOS 17.4 immediately.
The severity of the Kernel flaw prompted Apple to release additional updates for older devices, including iOS/iPadOS 16.7.6 for iPhone 8 and newer and iOS/iPadOS 15.8.2 for iPhone 6S and newer. However, security notes for these updates haven't been released, so the specific vulnerabilities they address remain unknown.
You can read the full security notes for iOS and iPadOS 17.4 below:
iOS 17.4 and iPadOS 17.4
Released March 5, 2024
Additional CVE entries coming soon.
Accessibility
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-23243: Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Description: A memory corruption issue was addressed with improved validation.
CVE-2024-23225
RTKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Description: A memory corruption issue was addressed with improved validation.
CVE-2024-23296
Safari Private Browsing
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled
Description: A logic issue was addressed with improved state management.
CVE-2024-23256: Om Kothawade
How to update your iPhone or iPad to protect your devices
It's important to keep your iPhone or iPad up-to-date with the latest software to benefit from the newest features and security improvements. Updating your device is straightforward and only takes a few minutes, regardless of whether you're using iOS 17, 16, or 15. Here's how to do it:
- Open the Settings app on your iPhone or iPad.
- Tap on General.
- Tap on Software Update.
- Your device will search for available updates. If an update is found, you'll see information about it on the screen.
- Tap Download and Install to start the update process. You may be prompted to enter your passcode.
- Once the update is downloaded, your device will restart and begin installing the update.
While automatic updates are convenient, they may not install the update immediately. For the quickest installation, updating manually is recommended.
