A U.S. agency issued an advisory to millions of Apple iPhone and iPad users to update their products as soon as possible due to a security issue.
“Apple has released security updates for iOS and iPadOS, macOS, Safari, watchOS, and tvOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system,” said the agency. It then recommended the update.
It came this week after Apple released iOS 17.3 with a warning to update iPhones and other devices due to security fixes that are currently being targeted by malign actors.
As usual, Apple provided few details about the fixes in the latest update, which applies to iPhones and iPads. But one of the issues that was fixed, known as CVE-2024-23222, was a vulnerability in WebKit, which runs the Safari browser, that could allow an actor to execute code on a device.
Several other bugs that impact WebKit, Safari, reset services, mail, kernel (the core of an operating system), and more were fixed in the update, according to Apple’s support page.
Two WebKit issues also could lead to remote code execution, while the kernel problem could allow an attacker to execute code through an app, it said.
“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page,” the company said.
The fixes target devices that use these Apple operating systems and programs: iOS 17.3 and iPadOS 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 15.8.1 and iPadOS 15.8.1, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, Safari 17.3, watchOS 10.3, and tvOS 17.3.
Separate Security Updates
Other than the bug fixes, the update will add Apple Music features that have been tested since late last year. It also added a “stolen device protection” service that can provide a new “layer of security” for accounts connected to a device.“When Stolen Device Protection is enabled, some features and actions have additional security requirements when your iPhone is away from familiar locations such as home or work.
“These requirements help prevent someone who has stolen your device and knows your passcode from making critical changes to your account or device,” Apple’s website says.
Some also claimed to have been victims of financial crimes, detailing how their entire bank accounts were wiped out, had significant Apple Pay purchases, and more.
Another Journal article said that users should attempt to cover their iPhones in public when accessing passwords or passcodes, saying that some criminals may attempt to memorize them to get inside the devices at a later time, potentially compromising their Apple Pay and Apple accounts.
How to Update
For many iPhone users, the update will be automatic, but it depends on the users’ phone settings.Users can go to the iPhone’s Settings before tapping General, then tapping Software Update to download and install iOS 17.3 (or iOS 16.7.5 or iOS 15.8.1 for older models) as well as the aforementioned security fixes.
That download can be accessed regardless of whether the user has automatic updates turned on or off
