Apple has released updates across the entire iPhone and iPad lineup to address critical security flaws thought to be exploited in targeted attacks.
iOS 17.4 plugs four security issues recently discovered by researchers.
CVE-2024-23243, reported by Romanian researcher Cristian Dinca of "Tudor Vianu" National High School of Computer Science, is a privacy issue in the iOS Accessibility module that could leak log entries if successfully exploited.
CVE-2024-23256, reported by Om Kothawade, involves a bug where a user's locked tabs may be briefly visible while switching tab groups with Locked Private Browsing enabled.
While these issues warranted patching, Apple’s advisory mentions two more security flaws that pose even greater danger to the iOS ecosystem.
The flaws, tracked as CVE-2024-23225 and CVE-2024-23296, can be – and presumably have been – exploited to bypass kernel memory protections and compromise an unpatched device.
“Apple is aware of a report that this issue may have been exploited,” the tech giant notes in the bugs’ descriptions.
Such flaws are typically leveraged in targeted spyware attacks against high-profile political figures, dissidents, journalists and activists.
The flaws are addressed on most iDevice models in circulation today, including the iPhone XS and newer, iPad Pro 12.9-inch 2nd generation and newer, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and newer, iPad Air 3rd generation and later, iPad 6th generation and newer, and iPad mini 5th generation and newer.
One of these critical bugs (CVE-2024-23225) is also exploitable on older-generation hardware capped at iOS 16, including the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. iOS 16.7.6 addresses this single issue, making it an emergency security update for these models.
The Cupertino behemoth has also rolled out iOS 15.8.2 for even older device models, though this particular update isn’t accompanied by an advisory (yet). While some devices are no longer supported “officially,” Apple often makes an effort to patch critical flaws discovered in old iterations of iOS if it has reason to believe hackers are abusing them.
iOS 17.4 is a major release containing not just security fixes but also numerous enhancements and additions, including changes to comply with the EU’s Digital Markets Act (DMA), like the ability to install apps from alternative marketplaces.
Bitdefender recommends that netizens deploy the latest security updates for their devices the moment they’re available – especially when the vulnerabilities addressed are said to be actively exploited in the wild. For peace of mind, consider using a dedicated security solution on all your personal devices.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.