A branch of the U.S. Department of Homeland Security on Thursday advised Americans and companies to update their iPhones and other Apple devices due to potentially serious security problems.
Apple this week released iOS 17.4 and iOS 17.4, which offers multiple patches for four vulnerabilities, including two that impact users’ privacy, a memory corruption issue that can be exploited by attackers, and another memory corruption issue impacting its real-time operating system that also can be exploited. One of the security flaws could lead to an attacker being able to “access user-sensitive data,” it said.
On its support page, Apple wrote that there have been reports that some of the vulnerabilities “have been exploited.”
Apple has long said it does not disclose or provide details about the nature of the security flaws, doing so again during the recent update. “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” it said.
After the update, the U.S. Cybersecurity and Infrastructure Agency (CISA) advised that the firm released “security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS” and that a “cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.”
The agency then advised users and administrators to apply the “necessary updates.” The updates apply to Safari 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4, watchOS 10.4, tvOS 17.4, and visionOS 1.1.
Sean Wright, head of application security at Featurespace, told Forbes magazine this week that exploiting several of the security problems could lead to the entire device being compromised. But he noted that such an attack would be “extremely difficult” to perform, adding that “attackers would need to try to get the victim to install a malicious application or exploit a previous vulnerability that has not been patched.”
Stolen Device Protection Update
Apple said that the newest update will impact the device’s Stolen Device Protection, which was introduced in a recent iOS update. The service will include an option for more security in all locations.
With the feature turned on, an unauthorized user of the iPhone or iPad would not be able to lock the owner out or access the device. The device would need to obtain more authentication to access information or make changes.
Other Changes
This week, Apple also overhauled its iPhone App Store in the European Union in a bid to comply with EU law. Among other things, people in Europe can download iPhone apps from stores not operated by Apple and are getting alternative ways to pay for in-app transactions, which Apple has long prohibited.
Apple has said that the new EU regulations president unnecessary security risks to iPhone users in Europe, exposing them to more scams and other malicious attacks launched from apps downloaded from outside its ecosystems and raising the specter of more unsavory services peddling pornography, illegal drugs, and other content that the company has long prohibited in its App Store.
The measures took effect only days after EU regulators fined Apple about $2 billion for blocking competition in the music streaming market under antitrust laws.
How to Update
The update will be automatic for many iPhone users, but it depends on their phone settings.
Users can go to the iPhone’s Settings before tapping General, then tapping Software Update to download and install iOS 17.4 as well as the aforementioned security fixes. That download can be accessed regardless of whether the user has automatic updates turned on or off.
According to the company, its latest iOS and iPhone update will separately provide more crash detection optimizations for all iPhone 14 and iPhone 15 models. Apple posted its most recent update’s full release notes on its website.
The Associated Press contributed to this report.
From The Epoch Times
