Apple has issued iOS 17.4, along with a warning to update now. That’s because iOS 17.4 fixes at least four security issues, two of which are already being used in real life attacks.
Apple doesn’t give many details about what’s fixed in iOS 17.4, to ensure as many iPhone users as possible can update before attackers get hold of the details. The first already-exploited flaw is an issue in the Kernel at the heart of the iPhone operating system, tracked as CVE-2024-23225.
Using the issue fixed in iOS 17.4, an attacker with arbitrary kernel read and write capability might be able to bypass memory protections, Apple said on its support page. “Apple is aware of a report that this issue may have been exploited,” Apple said.
Apple has also fixed this single issue in iOS 16.7.6 for users of older devices.
Another bug in RTKit, the real-time operating system based on the RTKit framework and is used in Apple devices such as AirPods, Siri Remote, Apple Pencil 2 and Smart Keyboard Folio is tracked as CVE-2024-23296. According to Apple, the flaw fixed in iOS 17.4 “could allow an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.”
Again, Apple said it “is aware of a report that this issue may have been exploited.”
Apple’s iOS 17.4 also fixes an issue in Accessibility that could enable an app to read sensitive location information. Meanwhile, a flaw in Safari Private Browsing could cause a user’s locked tabs to be briefly visible while switching tab groups.
Apple said additional CVE entries will be “coming soon,” indicating there could be more to the iOS 17.4 update.
Why You Should Update Now To iOS 17.4
Apple’s iOS 17.4 comes with seismic changes for EU users to open up iPhones to sideloading. It also includes some great new features, including an update to Stolen Device Protection, which alone make the upgrade worthwhile.
With two flaws already being used in attacks, it goes without saying that you should update now to iOS 17.4, if you care about your security. Go to your iPhone’s Settings > General > Software Update and download and install iOS 17.4 as soon as possible.
Read the full article here
