Apple has rolled out iOS 17.4 and is urging users to update immediately. This release addresses at least four security vulnerabilities, with two already exploited in real-world attacks.
Details on the fixes are scarce to prevent attackers from exploiting them before users can update. The first flaw, tracked as CVE-2024-23225, involves a Kernel issue within the iPhone operating system, potentially allowing attackers to bypass memory protections.
According to Apple, this issue could enable attackers with arbitrary kernel read and write capabilities to compromise device security. Apple acknowledges that this flaw may have already been exploited.
Additionally, iOS 16.7.6 addresses the same kernel issue for older device users.
Another patched bug, tracked as CVE-2024-23296, affects RTKit, a real-time operating system utilized in devices like AirPods and Siri Remote. Apple warns that this flaw could also allow attackers to bypass kernel memory protections, posing a serious security risk.
Security expert Sean Wright notes that exploiting these vulnerabilities could compromise entire devices, although executing such attacks is incredibly challenging. Attackers would typically need to trick users into installing malicious apps or exploit unpatched vulnerabilities.
iOS 17.4 also resolves an Accessibility issue that could expose sensitive location data to apps. Additionally, a Safari Private Browsing flaw, fixed in this update, prevented locked tabs from briefly appearing when switching tab groups.
In addition to iOS 17.4 and iOS 16.7.6, Apple has released iOS 15.8.2 and iPadOS 15.8.2 for older devices like the iPhone 6s, iPhone 7, iPhone SE (1st generation)
The iOS 15.8.2 update doesn't contain any security fixes but likely includes bug patches for older devices. If you own one of these devices, it's advisable to prioritize this update for enhanced performance and stability.