On Tuesday, Apple released iOS 17.4 and iPadOS 17.4 for compatible iPhones and iPads. It’s a substantial update—at least if you live in the E.U., where it introduces third-party app stores and non-WebKit web browser support—but the rest of the world gets some cool new features, too, from automatic transcripts in Apple Podcasts to 118 new emojis.
However, new features are far from the only reason you should prioritize this update for your iPhone or iPad. In fact, you should update your Apple devices as soon as possible, since iOS and iPadOS 17.4 also patch two big zero-day security vulnerabilities.
Security updates in iOS and iPadOS 17.4
While new Apple software updates usually come with release notes—a list of features, changes, and bug fixes in the update—the company is usually slower to release an update’s security notes. In the hours after 17.4’s release, Apple finally issued its security notes, detailing the four security patches it includes for your iPhone or iPad.
Two of these patches aren’t quite as serious: One is a fix for an Accessibility flaw that could allow an app to read sensitive location information, while the other is a fix for a Safari Private Browsing flaw that could reveal your locked tabs while switching tab groups in private browsing.
However, the other two vulnerabilities are much more important to address. Both fixes, one for a Kernel (the core of iOS and iPadOS) flaw and one for an RTKit (the platform for controlling iOS and iPadOS’ time functionality) flaw, allow an attacker to bypass kernel memory protections, which would allow them to take over the memory allocated to your iPhone or iPad’s most basic OS functions.
Aside from being a scary prospect, these two vulnerabilities are especially serious because Apple confirmed that there are known exploits for them in the wild. That means someone, somewhere not only knows about these two flaws, but has taken advantage of them. That makes it imperative for all of us with one of these Apple devices to update as soon as possible.
The Kernel flaw in particular is so severe, Apple also issued updates for iOS and iPadOS 16.7.6 for iPhone 8 and newer. They also seeded iOS and iPadOS 15.8.2 for iPhone 6S and newer, but did not issue security notes, so we can’t say what exactly those updates patch.
You can read the full security notes for iOS and iPadOS 17.4 below:
iOS 17.4 and iPadOS 17.4
How to update your iPhone or iPad to protect your devices
Whether you’re running iOS 17, iOS 16, or iOS 15, you should update your iPhone or iPad immediately. To do so, head to Settings > General > Software Update. Allow your device to look for the new update, then, when available, follow the on-screen instructions to download and install the latest version. If you have Automatic Updates enabled, your device may update on its own when connected to power and wifi, but this can take some time. The fastest way to update is to do so manually.
Leave a Reply
You must be logged in to post a comment.