US cyber officials are urgently warning millions of Apple users to update iOS on their devices now
US cyber officials are urging millions of Americans to update their Apple devices or risk being hacked.
The Cybersecurity and Infrastructure Security Agency (CISA) advises people to immediately update their devices to the latest iOS system.
The iOS 17.6 update, released Monday, includes 35 security fixes to protect users from hackers who can steal their personal data and location or take control of their iPhone.
This update applies to all iPhone Xs, Xs Max, and XR phones released in 2018 or later.
One of the security patches fixed a flaw in the iPhone’s operating system that could allow hackers to shut down the software and another flaw that could allow apps to ignore users’ privacy preferences.
Apple has issued an urgent warning to all 1.46 billion iPhone users, instructing them to immediately update their devices to the latest iOS system. The iOS 17.6 update will release 35 security fixes to protect users from hackers who can steal their personal data, location or take control of the iPhone.
While Apple has confirmed that it will launch its iOS 18 software in the coming months, experts warn that users should not ignore the iOS 17.6 update.
Apple did not provide further detail on the exact security issues in the new update, but stated generally that two issues were found in the Kernel, the core of the iPhone’s operating system.
The first issue (CVE-2024-27863) could allow cybercriminals to determine the phone’s memory layout, and the second issue (CVE-2024-40788) could allow an attacker to automatically power off the device.
Both security flaws in the kernel allowed hackers to gain full access to the iPhone.
Sean Wright, Head of Application Security at Featurespace, said Forbes that the kernel flaws “could be linked together with other vulnerabilities, potentially compromising the entire device.”
WebKit, the engine that powers the Safari web browser, also received eight updates for security issues that could allow hackers to conduct a cross-scripting attack to trick users into opening malicious web content.
When you click on a malicious link, also known as a phishing link, malware can be downloaded onto your device. This malware can steal sensitive information and track your phone’s activity.
It can also trick users into providing personal information, such as login credentials, credit card details, and social security numbers.
While Apple has broadly confirmed where the vulnerabilities are located, the company stated on its website that it “will not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
This is necessary so that malicious parties cannot exploit the vulnerabilities before customers have updated their devices, the company explains.
The iOS 17.6 update applies to all iPhone Xs, Xs Max, and XR phones released in 2018 or later
Apple also warned that the iOS 17.6 update will fix a security issue with Siri that could allow attackers to bypass security measures and leverage the personal assistant to access sensitive user information.
The iOS software will also fix a bug in the Family Sharing feature that could allow hackers to access sensitive location data through certain apps downloaded to the iPhone.
There is reportedly no evidence yet that hackers have exploited these back-end issues, but experts warn that this does not mean you should delay the update.
Wright told Forbes that while users shouldn’t worry about the security issues, it’s still a good idea to “update as soon as possible.”
Since Apple’s iOS 18 won’t be released until mid- to late September, users should take steps now to update their systems. To do so, go to the General section in Settings and select “Upgrade to iOS 17.6.”