Apple just launched iOS 17.4, and right now everyone’s attention is focused on how you can run third-party app stores on your iPhone – although only if you’re in the European Union. But there’s another important reason why you should upgrade: it fixes two extremely serious security flaws.
In a new security post (via BleepingComputer), Apple says iOS 17.4 and iPadOS 17.4 fix two zero-day bugs in the iOS kernel and Apple’s RTKit that could allow an attacker to bypass your device’s kernel memory security. That could potentially give malicious actors very high-level access to your device, so it’s imperative that you patch your iPhone as soon as possible by opening the Settings app, going to General > Software Update and following the on-screen instructions to follow.
These problems are not just hypothetical; In both cases, Apple says it is “aware of a report that this issue may have been exploited,” and if a zero-day flaw was actively exploited, it means hackers were able to take advantage of these issues without anyone knowing. With that in mind, there’s every reason to update your device now that Apple has released a series of fixes.
Apple says the bugs affect a wide range of devices: the iPhone 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. In other words, many people are potentially affected.
Actively exploited
These types of zero-day flaws are usually exploited in targeted attacks, often by sophisticated, state-sponsored groups. Apple has not shared details about how and when these vulnerabilities were used for nefarious purposes, nor whether they were discovered by Apple’s own security teams or by third-party researchers.
Apple devices are known for their strong defenses, but are increasingly falling under the crosshairs of hackers. Recent research shows that there were 20 active zero-day flaws targeting Apple products in 2023 – double the number from the previous year. According to BleepingComputer, three zero-day attacks on Apple devices have been patched so far in 2024.
This type of abuse shows why it’s so important to keep all your devices up to date with the latest patches, especially if they include security fixes. Leaving yourself vulnerable is a dangerous gamble when there are extremely advanced hacking groups out there in the wild. Therefore, make sure you download the latest iOS 17.4 update as soon as possible.