Apple has released iOS 18.2, along with Apple Intelligence features and 21 security reasons to … [+]
Update Dec. 13, 2024: This story, originally published Dec. 11, now includes details about a new CISA warning and an alert from researchers at security outfit Malwarebytes. A Dec. 12 update added information about the Passwords flaw patched in iOS 18.2, as well as other updates issued by Apple.
Apple has issued iOS 18.2, along with the first major Apple Intelligence features and 21 security updates you should apply to your iPhone now.
Many iPhone users will see iOS 18.2 as a reason to update to iOS 18 and the security fixes in this release should add to the incentive. The iOS 18.2 upgrade includes important fixes to the iPhone Kernel as well as WebKit, the engine that underpins the Safari browser — and patches for flaws that could allow an attacker to execute code on your device.
The release of iOS 18.2 comes as Apple halts the ability to choose whether to upgrade to iOS 18.
Alongside iOS 18.2, Apple also released iPadOS 17.7.3 for users who have older devices, patching a list of 14 flaws. But note that the list of compatible devices is much smaller than previous iOS 17 updates — Apple’s iPadOS 17.7.3 is available for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch and iPad 6th generation.
This indicates Apple is no longer giving you the option to stay on iOS 17 if you have a iOS 18-compatible device. If you remain on iOS 17, this means you will no longer be secure.
What’s Fixed In iOS 18.2?
Apple doesn’t give much detail about what’s fixed in iOS 18.2, to give iPhone users as much time to update as possible before criminals can get hold of the details.
Among the issues fixed in iOS 18.2 are three Kernel flaws tracked as CVE-2024-54494, CVE-2024-54510 and CVE-2024-44245, the last of which could allow an app to cause unexpected system termination or corrupt Kernel memory, according to Apple’s support page.
An issue in libexpat tracked as CVE-2024-45490 is particularly worrying, as it could see a remote attacker cause an unexpected app termination or execute code.
Apple’s iOS 18.2 also patches two flaws in libxpc, one of which could see an app able to gain elevated privileges.
Four vulnerabilities in WebKit were fixed in iOS 18.2, allowing memory corruption if you were persuaded to interact with malicious web content.
A flaw in Passwords, tracked as CVE-2024-54492 and reported by researchers at Mysk, could also be a concern. Using the vulnerability patched in iOS 18.2, an attacker in a privileged network position could be able to alter network traffic, according to Apple’s description.
The issue was addressed by using secure web protocol HTTPS when sending information over the network. “Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries — a potential risk,” Mysk researchers said.
Sean Wright, head of application security at Featurespace highlights the Passwords flaw seeing HTTP used instead of HTTPS as “a bit of a concern.”
He advises “updating as soon as you can,” highlighting the benefits of the new Apple Intelligence features.
Other Apple Patches Released Alongside iOS 18.2
Alongside iOS 18.2 and iOS 17.7.3, Apple released Safari 18.2, fixing four WebKit issues and one Safari flaw. The iPhone maker also issued macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, watchOS 11.2, tvOS 18.2 and visionOS 2.2.
CISA Issues New Warning To Update To iOS 18.2
As if there wasn’t enough reason to update to iOS 18.2, the U.S. Cybersecurity and Infrastructure Agency (CISA) has now entered the conversation with its own warning.
“Apple released security updates to address vulnerabilities in multiple Apple products,” CISA wrote on its website. “A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system,” the security agency added.
With this in mind, CISA is encouraging users and administrators to review the advisories issued for iOS 18.2 and other upgrades released by Apple on Dec. 11 and “apply necessary updates.”
The CISA warning to update to iOS 18.2 is in addition to a new alert from researchers at security outfit Malwarebytes. The firm has alerted users that Apple has issued security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. Pieter Arntz, malware intelligence researcher at Malwarebytes is advising users to upgrade their software now.
He describes the vulnerability in the open-source XML parser libexpat tracked as CVE-2024-45490 as a “noteworthy” flaw is. “This vulnerability has been patched in several popular applications since it was discovered in August,” Arntz wrote in the blog.
Another “important one” is the vulnerability tracked as CVE-2024-54529, which is found in the Audio component of macOS and could allow an app to execute arbitrary code with Kernel privileges, Antz warned. “This means that if you install a malicious app that can exploit this vulnerability, it could take over your system.”
A scary thought.
Malwarebytes also advises you to turn on Automatic Updates if you haven’t already, which you can do on the Software Update screen. However, be aware that Apple rolls out its updates gradually so you can be waiting a number of days to receive important upgrades. Therefore I suggest checking your iPhone and my Forbes profile and applying them manually.
Why You Should Update Now To iOS 18.2
The security updates alone and the fact you can’t stay on iOS 17 and remain secure should be enough to persuade you to update now to iOS 18.2. But Apple’s iOS 18.2 also includes a number of very cool features, including the ability to use OpenAI’s ChatGPT, which is now integrated with Siri for the first time.
Apple’s iOS 18.2 is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
So, what are you waiting for? Go to your Settings > General > Software Update and upgrade to iOS 18.2 as soon as you can.