US cyber officials are urging millions of Americans to update their Apple devices or risk being hacked.
The Cybersecurity and Infrastructure Security Agency (CISA) is instructing people to update their devices to the newest iOS system immediately.
The iOS 17.6 update, released Monday, included 35 security fixes to protect users from hackers stealing their personal data, location or taking control of the iPhone.
This update applies to all iPhone Xs, Xs Max and XR phones issued in 2018 or later.
One of the security patches addressed a flaw in the iPhone’s operating system that allowed hackers to cause the software to shut down and a separate bug that permitted apps to disregard user’s privacy preferences.
Apple has issued an urgent warning to all 1.46 billion iPhone users, instructing them to update their devices to the newest iOS system immediately. The iOS 17.6 update will release 35 security fixes to protect users from hackers stealing their personal data, location or taking control of the iPhone
Although Apple has confirmed it will launch its iOS 18 software in the coming months, experts have warned the iOS 17.6 update is not something users should ignore.
Apple didn’t explain the exact security issues in its new update, but broadly stated that two were found in Kernel – the core of the iPhone’s operating system.
The first issue (CVE-2024-27863) allowed cybercriminals to determine the phone’s memory layout and the second (CVE-2024-40788) could enable an attacker to cause the device to shut down automatically.
Both Kernel security bugs allowed hackers to gain full access to the iPhone.
Sean Wright, the head of application security at Featurespace, told Forbes that the Kernel flaws ‘could be chained together with other vulnerabilities to allow the entire device to be compromised.’
WebKit – the engine that powers the Safari web browser – also received eight updates for security issues that allowed hackers to issue a cross-scripting attack that would entice users to open malicious web content.
When you click on a malicious link, also called a phishing link, malware can be downloaded onto the device that can steal sensitive information and track your phone’s activity.
It could also trick users into providing personal information like login credentials, credit card information and social security numbers.
While Apple did broadly confirm where the vulnerabilities were, it said on its site that it won’t ‘disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available.’
This is so bad actors can’t take advantage of the vulnerabilities before customers can update their devices, the company explained.
The iOS 17.6 update applies to all iPhone Xs, Xs Max and XR phones issued in 2018 or later
Apple also warned that the iOS 17.6 update will fix a security issue on Siri that allowed attackers to bypass security measures and use the personal assistant to access sensitive user information.
The iOS software will also update a bug on the ‘Family Sharing’ feature that hackers could use to access sensitive location information through certain apps downloaded to the iPhone.
There is reportedly no evidence that hackers have exploited these back-end issues yet, but experts warn this does not mean you should put off the update.
Wright told Forbes that although users shouldn’t panic about the security issues, it’s still a good idea to ‘update as soon as you can.’
Since Apple’s iOS 18 won’t be released until mid to late September, users should take steps to update their system now, by going to the general section in their settings and selecting ‘upgrade to iOS 17.6.’