Apple has swiftly issued an urgent update, iOS 17.4, accompanied by a strong warning for all iPhone users to update their devices immediately. The new release addresses a minimum of four security vulnerabilities, with two of them already being exploited in real-life attacks. To ensure user safety, Apple has been careful not to disclose extensive details about the fixes, aiming to prompt as many users as possible to update before attackers can exploit the vulnerabilities.

One of the exploited flaws, tracked as CVE-2024-23225, resides in the Kernel, the core of the iPhone operating system. Apple warns that this flaw allows an attacker with arbitrary kernel read and write capability to potentially bypass memory protections. Apple is aware of reports that this vulnerability has already been exploited. Moreover, the company has also addressed this issue in iOS 16.7.6 for users of older devices.

Additionally, iOS 17.4 includes a fix for a bug in RTKit, a real-time operating system used in Apple devices including AirPods, Siri Remote, Apple Pencil 2, and Smart Keyboard Folio. Tracked as CVE-2024-23296, the flaw could allow an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Similar to the previous issue, Apple is aware of reports that this vulnerability has also been exploited.

Sean Wright, head of application security at Featurespace, explains that exploiting these two flaws could potentially compromise the entire device. However, successfully carrying out the attack would be extremely difficult, as attackers would need to persuade the victim to either install a malicious application or exploit an unpatched vulnerability.

In addition to security fixes, iOS 17.4 addresses an issue in Accessibility that enabled apps to read sensitive location information. Furthermore, a flaw in Safari Private Browsing has been resolved, preventing locked tabs from briefly becoming visible while switching tab groups.

Apple indicated that more CVE entries will be forthcoming, suggesting that there may be further security updates included in the iOS 17.4 release.

Alongside iOS 17.4, Apple has also introduced updates for older devices, including iOS 15.8.2 and iPadOS 15.8.2. These updates, although devoid of any CVE entries, likely contain bug fixes and improvements for older iPhone models. Users with older devices are encouraged to prioritize these updates.

It is crucial to note that if your iPhone is compatible with iOS 17, it is necessary to upgrade to the latest software version, iOS 17.4. Apple no longer supports iOS 16 for devices beyond the iPhone X, leaving those who do not upgrade vulnerable to potential attacks.

In a seismic change for EU users, iOS 17.4 now allows sideloading on iPhones, opening up new avenues for customization. The update also brings enhancements to Stolen Device Protection, enabling a security delay in all locations. Furthermore, the inclusion of the PQ3 messaging protocol in the iMessage update strengthens iPhone security and privacy, offering increased protection against future security threats like quantum-based attacks.

Given the gravity of the situation with two flaws already being exploited, it is essential for iPhone users to update to iOS 17.4 without delay to safeguard their devices and personal information. To update, navigate to your iPhone's Settings, select General, then Software Update, and proceed to download and install iOS 17.4 as soon as possible.

Update: This article was first published on March 5th at 2:44 pm EST and was last updated on March 6th at 10:50 am EST to include details regarding the iOS 15.8.2 and iPadOS 15.8.2 updates for older devices.