iOS 17.4 update urgently advised for all iPhone Users - Warning issued
Apple has released iOS 17.4 and strongly recommends immediate updating due to significant security concerns.
Apple has released iOS 17.4 and strongly recommends immediate updating due to significant security concerns. This version addresses a minimum of four security vulnerabilities, with two of them actively exploited in real-world attacks.
To prevent attackers from exploiting these vulnerabilities, Apple provides limited details about the fixes in iOS 17.4. The initial flaw that has already been exploited pertains to a Kernel issue at the core of the iPhone operating system, identified as CVE-2024-23225.
Addressing the problem rectified in iOS 17.4, Apple stated that an attacker with arbitrary kernel read and write capabilities might be able to bypass memory protections. The company is cognizant of reports suggesting that this issue could have been exploited.
For users of older devices, Apple has also resolved this specific issue in iOS 16.7.6.
Another identified bug pertains to RTKit, a real-time operating system based on the RTKit framework and utilized in Apple devices like AirPods, Siri Remote, Apple Pencil 2, and Smart Keyboard Folio. Tracked as CVE-2024-23296, the flaw fixed in iOS 17.4 "could allow an attacker with arbitrary kernel read and write capability to bypass kernel memory protections." Apple is also aware of reports indicating potential exploitation of this issue.
Exploiting these two vulnerabilities could potentially compromise the entire device, according to Sean Wright, Head of Application Security at Featurespace. He notes, however, that executing such an attack would be "extremely difficult," requiring the installation of a malicious application or the exploitation of an unpatched previous vulnerability.
In addition to these, iOS 17.4 addresses an Accessibility-related issue that could allow an app to access sensitive location information. Furthermore, a flaw in Safari Private Browsing has been fixed to prevent a user's locked tabs from briefly becoming visible while switching tab groups.
Apple has indicated that additional CVE entries are forthcoming, hinting at the possibility of more updates in the iOS 17.4 release.
In addition to iOS 17.4 and iOS 16.7.6, Apple has introduced iOS 15.8.2 and iPadOS 15.8.2 for older iPhone models, including iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).
The iOS 15.8.2 update does not feature any CVE entries, indicating the absence of specific security fixes. It likely focuses on bug fixes, making it a recommended update for users with older iPhones.
However, it's essential to note that if your iPhone is compatible with iOS 17, upgrading to the latest software version, iOS 17.4, is crucial. Apple no longer supports iOS 16 for devices beyond the iPhone X, making it a security risk to remain on an outdated version.
The urgency to update to iOS 17.4 is emphasized by the significant changes for EU users, enabling iPhones to sideload, and the introduction of features like an enhanced Stolen Device Protection with a security delay in all locations. Furthermore, the update includes an iMessage update that enhances iPhone security and privacy, incorporating the PQ3 messaging protocol to address potential future security threats, such as quantum-based attacks, according to Apple.
Considering that two flaws addressed in iOS 17.4 were already exploited in attacks, immediate updating is crucial for ensuring the security of your device. To do so, navigate to your iPhone's Settings > General > Software Update and proceed to download and install iOS 17.4 promptly.