iOS 17.5—Apple Issues Update Now Warning To All iPhone Users

Apple has issued iOS 17.5 along with a warning to update your iPhone as soon as possible. That’s because iOS 17.5 fixes 15 security vulnerabilities, some of which are serious.

Apple remains tight-lipped about exactly what is fixed in iOS 17.5, to ensure as many people as possible are able to upgrade their iPhones before attackers can get hold of the details.

Among the important flaws patched in iOS 17.5 are an issue in the Kernel at the heart of the iPhone operating system tracked as CVE-2024-27818, which could allow an attacker to execute code. Another issue fixed in iOS 17.5, in AppleAVD, could see an adversary able to execute arbitrary code with Kernel privileges if a user downloads an app, Apple said on its support page.

05/14 update below. This article was first published on 05/13.

Another significant bug squashed in iOS 17.5 is a vulnerability in Voice Control that could allow an attacker to elevate privileges. Meanwhile, CVE-2024-27834 is a flaw in WebKit, the engine that underpins the Safari browser, which could allow an attacker to bypass Pointer Authentication.

An issue in MarketplaceKit tracked as CVE-2024-27852 and reported by researchers at security outfit Mysk could see a maliciously crafted webpage able to distribute a script that tracks users on other webpages.

Sean Wright, head of application security at Featurespace, calls the fixes issued in iOS 17.5 “a mixed bag.”

The worst is the kernel flaw, he says. “This could be chained with some of the other vulnerabilities to allow an attacker to gain full access to the device.”

POC for iOS 17.5 Kernel Flaw Will Soon Be Ready

One day after iOS 17.5 was issued, more is being unveiled about the security fixes. Notably, a security researcher, Meysam, who claims to have reported the kernel vulnerability, has described in a post on X, formerly Twitter, how he reported the flaw in iOS 17.4.1, the previous version of iOS 17. He plans to publish a proof of concept to demonstrate how it works “soon.”

While he is keen to point out that this is not an exploit (i.e., a direct method of exploiting the issue), it does make updating to iOS 17.5 especially crucial. The more attackers know about the flaw, the more likely it is they can use it in attacks.


Apple Issues iOS 16.7.8 To Fix Already-Exploited Issue

Alongside iOS 17.5, Apple has issued iOS 16.7.8, fixing two issues, one of which is already being used in real-life attacks. Tracked as CVE-2024-23296, the flaw in RTKit could enable an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. “Apple is aware of a report that this issue may have been exploited,” Apple wrote on its support page.

iOS 16.7.8 is available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.


Why You Should Update Now To iOS 17.5 Or iOS 16.7.8

It’s been a while since Apple’s last security update, iOS 17.4.1, released in March, which fixed multiple serious security flaws. The update before that, iOS 17.4, was an emergency patch for issues being used in real-life attacks.

The iOS 16.7.8 update is similar, as it also patches already-exploited security issues. If you have an older device, updating to iOS 16.7.8 is a no-brainer, given that the flaw is being used in attacks.

While iOS 17.5 doesn’t cover any already-exploited flaws (at least that we know about), some of the issues are serious, making it important that you update your iPhone as soon as you can.

At the same time, the iOS 17.5 update contains cool new features, including unwanted tracker protection, as well as bug fixes.

The iOS 17.5 update is available for the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later and iPad mini 5th generation and later.

If you care about your security, you will need to apply iOS 17.5 or iOS 16.7.8 manually, because Apple’s automatic updates can take a while to reach iPhones. It’s during this time that your device remains open to attack.

Wright says there is no need to panic, but ensure that you update “as soon as you can.”

So what are you waiting for? Go to your iPhone’s Settings > General > Software Update and download and install iOS 17.5 or iOS 16.7.8 now.


05/14 update: As well as important security fixes, the iOS 17.5 update contains a feature that helps stop unwanted tracking across platforms. Building on Apple’s iPhone feature to detect AirTags that might have been slipped into a bag or placed in a vehicle, the unwanted tracking tool in iOS 17.5 is a result of a partnership between Apple and its rival Google.

After releasing iOS 17.5, Apple has issued a press release to confirm the anti-tracking features are live. It describes how Apple and Google worked together to create an industry specification—Detecting Unwanted Location Trackers—for Bluetooth tracking devices. “This will help mitigate the misuse of devices designed to help keep track of belongings,” the statement reads, adding that Apple is implementing this capability in iOS 17.5, and Google in its Android 6.0+ devices.

The iOS 17.5 feature means users will get an “[Item] Found Moving With You” alert if an unknown Bluetooth tracking device is detected.

It works across platforms, with Bluetooth tag manufacturers including Chipolo, eufy, Jio, Motorola and Pebblebee saying future tags will be compatible.

Among the benefits, the specification offers instructions and best practices for manufacturers, “should they choose to build unwanted tracking alert capabilities into their products,” according to Apple and Google.

Work on the standard is ongoing: Apple and Google are working with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard.