pixel
Connect with us

Apple

Apple urges users to update to iOS 17.4 due to critical security flaw

Apple has released iOS 17.4 to address a couple of potential security issues and other bugs, including a private browsing bug in Safari, while also introducing new features and emojis.

A smartphone displaying the iOS 17.4 software update screen with the option to 'Download and Install'. The update offers improvements to Phone, Messages, FaceTime, and other features. The phone is centered on a purple background.

Apple’s frequent iOS updates have long been a subject of both appreciation and occasional eye-rolls.

However, the recent iOS 17.4 release isn’t about adding a couple of eyebrow-lifting emojis or sprucing up the aesthetic appeal of your home screen.

There’s more to dig into beneath the surface; let’s take a glance through the new peephole and what’s really cooking under the hood.

A couple of potential security issues have been resolved (Apple didn’t specify whether they were acting up during their work hours or after). Nevertheless, the hardworking folks at Apple have sufficiently patched it.

The security patches swipe clean the iPhone’s kernel and RTKit – which don’t start googling the jargon just yet; we’ll veer into that territory soon enough.

How to update your iPhone to iOS 17.4

Would you like a quick tutorial? Here, I’m going to show you anyway.

Here’s the quick version: To download the update, follow these steps: Settings > General > Software Update > Install Now, and voila! Do follow the subsequent instructions in detail; if you don’t, folks, you’re walking on thin ice here.

Open Settings

Tap on the Settings app.

Navigate to General

Tap on the General category.

Open Software Update

Tap on Software Update.

Select the update

Apple decoupled major updates from security ones, so tap the Upgrade to iOS 17.4 banner at the bottom.

Download the update

Tap on the Download and Install button.

Confirm the install

Tap on Install, then wait for the iPhone to finish updating and reboot itself.

And you’re done

Once the iPhone reboots, you should be on iOS 17.4.

Pro Tip

While you’re still on the update menu, tap on Automatic Updates and make sure that both toggles next to Download iOS Updates and Install iOS Updates are green. By doing this, you’ll never have to update your iPhone again manually.

ios automatic updates turned on mockup

The iPhone’s kernel and RTKit act as the unsung heroes in this update.

In non-tech terms, imagine the kernel as the conductor of an orchestra; it sets the tempo and controls all the operations within your operating system, ensuring each section (hardware and software) works harmoniously.

On the other hand, RTKit serves as Apple’s version of a ‘timekeeper.’ It’s akin to the precise workings of a clock, making sure everything within the system happens exactly when it should, crucial for instantaneous applications.

In an almost poetic description, Apple explains that an attacker armed with arbitrary kernel read and write capability could jump over these kernel memory protections. Evidently, tech warfare isn’t pretty.

If you want to dive into the nuts and bolts of these newly patched exploits, here’s how they’re classified in the Common Vulnerabilities and Exposures (CVE) database:

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read sensitive location information

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2024-23243: Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Description: A memory corruption issue was addressed with improved validation.

CVE-2024-23225

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Description: A memory corruption issue was addressed with improved validation.

CVE-2024-23296

The iOS 17.4 update also fixes Safari’s private browsing mode bug that could make hidden tabs visible when switching tab groups. So far, according to Apple, these issues have not been exploited in real-time.

If any malevolent actor dodged past these defenses, your system could plunge into dangerous territory. Thankfully, a two-minute update solves that. So, get to it. Put the phone down, put it on a charger, and get it updated.

Do you have any thoughts on this? Please leave a comment below or take the discussion to Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Apple