iOS 17.5—Apple Issues Update Now Warning To All iPhone Users | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Apple has issued iOS 17.5 along with a warning to update your iPhone as soon as possible. That’s because iOS 17.5 fixes 15 security vulnerabilities, some of which are serious.

Apple remains tight-lipped about exactly what is fixed in iOS 17.5, to ensure as many people as possible are able to upgrade their iPhones before attackers can get hold of the details.

Among the important flaws patched in iOS 17.5 are an issue in the Kernel at the heart of the iPhone operating system tracked as CVE-2024-27818, which could allow an attacker to execute code. Another issue fixed in iOS 17.5, in AppleAVD, could see an adversary able to execute arbitrary code with Kernel privileges if a user downloads an app, Apple said on its support page.

Another significant bug squashed in iOS 17.5 is a vulnerability in Voice Control that could allow an attacker to elevate privileges. Meanwhile, CVE-2024-27834 is a flaw in WebKit, the engine that underpins the Safari browser, which could allow an attacker to bypass Pointer Authentication.

An issue in MarketplaceKit tracked as CVE-2024-27852 and reported by researchers at security outfit Mysk could see a maliciously crafted webpage able to distribute a script that tracks users on other webpages.

Sean Wright, head of application security at Featurespace, calls the fixes issued in iOS 17.5 “a mixed bag.”

The worst is the kernel flaw, he says. “This could be chained with some of the other vulnerabilities to allow an attacker to gain full access to the device.”

ForbesCheck Your iPhone Now-These Models Will No Longer Get Updates

Apple Issues iOS 16.7.8 To Fix Already-Exploited Issue

Alongside iOS 17.5, Apple has issued iOS 16.7.8, fixing two issues, one of which is already being used in real-life attacks. Tracked as CVE-2024-23296, the flaw in RTKit could enable an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. “Apple is aware of a report that this issue may have been exploited,” Apple wrote on its support page.

The iOS 16.7.8 is available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

ForbesNew iOS 18 AI Security Move Changes The Game For All iPhone Users

Why You Should Update Now To iOS 17.5 Or iOS 16.7.8

It’s been a while since Apple’s last security update, iOS 17.4.1—released in March—which fixed multiple serious security flaws. The update before that, iOS 17.4, was an emergency patch for issues being used in real life attacks.

The iOS 16.7.8 update is similar as it also patches already-exploited security issues. If you have an older device, updating to iOS 16.7.8 is a no-brainer, given that the flaw is being used in attacks.

While iOS 17.5 doesn’t cover any already-exploited flaws—at least that we know about—some of the issues are serious making it important you update your iPhone as soon as you can.

At the same time, the iOS 17.5 update contains cool new features, including unwanted tracker protection, as well as bug fixes.

The iOS 17.5 update is available for the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later and iPad mini 5th generation and later.

If you care about your security, you will need to apply iOS 17.5 or iOS 16.7.8 manually, because Apple’s automatic updates can take a while to reach iPhones. It’s during this time that your device remains open to attack.

Wright says there is no need to panic, but ensure that you update “as soon as you can.”

So what are you waiting for? Go to your iPhone’s Settings > General > Software Update and download and install iOS 17.5 or iOS 16.7.8 now.


Click Here For The Original Source.

National Cyber Security