Apple has released iOS 17.4, urging users to update promptly due to the presence of critical security vulnerabilities. The update addresses four security issues, two of which are actively exploited in real-world attacks. To safeguard users, Apple has not disclosed detailed information about the fixes, aiming to prompt as many iPhone users as possible to update before potential attackers exploit the vulnerabilities.
The first exploited flaw, tracked as CVE-2024-23225, resides in the Kernel at the core of the iPhone operating system. Apple warns that attackers with arbitrary kernel read and write capability could potentially bypass memory protections. Apple has acknowledged reports of this issue being exploited and has swiftly released iOS 17.4, along with emergency security fixes.
Another vulnerability, identified as CVE-2024-23296, affects RTKit, the real-time operating system framework used in Apple devices like AirPods and Siri Remote. This flaw could enable attackers with kernel read and write capability to circumvent kernel memory protections. Apple has also addressed this issue in iOS 16.7.6 for older device users.
Security experts emphasize that exploiting these vulnerabilities could compromise the entire device, although executing such attacks would be challenging. Attackers would need to trick users into installing malicious applications or exploiting unpatched vulnerabilities.
In addition to security fixes, iOS 17.4 resolves an Accessibility issue that could allow apps to access sensitive location information. Furthermore, a flaw in Safari Private Browsing, which briefly revealed locked tabs while switching tab groups, has been rectified.
Apple hints at more security updates with additional CVE entries expected soon. Alongside iOS 17.4, Apple has released iOS 15.8.2 and iPadOS 15.8.2 for older devices, focusing on bug fixes rather than security enhancements.
Users are reminded that devices capable of running iOS 17 must upgrade to iOS 17.4, as Apple no longer supports iOS 16 for devices beyond the iPhone X. The latest update introduces significant changes for EU users, enabling iPhone sideloading and enhancing Stolen Device Protection with a security delay feature.
Moreover, the iOS 17.4 update includes an iMessage update that bolsters iPhone security and privacy by adopting the PQ3 messaging protocol to preempt future security threats like quantum-based attacks.
Given the active exploitation of two vulnerabilities, users are strongly advised to update to iOS 17.4 promptly to safeguard their devices. To update, users can navigate to Settings > General > Software Update on their iPhones and install the latest software version without delay.
Update 03/06 at 10:50am EST. This article was first published on 03/05 at 02:44pm EST. Updated to include details of the iOS 15.8.2 and iPadOS 15.8.2 update for older devices.
