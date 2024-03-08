



Apple has issued iOS 17.4 and warned you to update now. That's because iOS 17.4 fixes at least four security issues, two of which are already being used in real-world attacks.

Apple hasn't revealed many details about what's fixed in iOS 17.4 in order to allow as many iPhone users as possible to update before attackers get the details. The first flaw, which has already been exploited, is a kernel issue at the heart of the iPhone operating system, tracked as CVE-2024-23225.

An issue fixed in iOS 17.4 could allow an attacker with arbitrary kernel read and write capabilities to bypass memory protections, Apple said on a support page. Apple said it is aware of reports that this issue may have been exploited.

Apple also fixed this single issue in iOS 16.7.6 for users of older devices.

Another bug in RTKit, a real-time operating system based on the RTKit framework and used in Apple devices such as AirPods, Siri Remote, Apple Pencil 2, and Smart Keyboard Folio, is tracked as CVE-2024-23296. According to Apple, a flaw fixed in iOS 17.4 could allow an attacker with arbitrary kernel read and write capabilities to bypass kernel memory protections.

Again, Apple said it is aware of reports that this issue may have been exploited.

If exploited, these two issues could put the entire device at risk, said Sean Wright, head of application security at Featurespace.

But he says it will be very difficult to pull off a successful attack. The attacker must either convince the victim to install a malicious application or exploit a previous unpatched vulnerability.

Apple's iOS 17.4 also fixes an accessibility issue that could allow apps to read sensitive location information. Meanwhile, a flaw in Safari Private Browsing could cause a user's locked tabs to be temporarily visible when switching between tab groups.

Other iPhone updates

In addition to iOS 17.4 and iOS 16.7.6, Apple is also releasing iOS 15.8.2 and We also released iPadOS 15.8.2. mini (4th generation), iPod touch (7th generation).

iOS 15.8.2 update does not include CV entries. That is, it does not include security fixes. Instead, updates for older iPhones likely contain bug fixes, so they're worth prioritizing if you have an older iPhone.

However, it's also worth noting that if your iPhone can run iOS 17, you should upgrade to the latest software version, iOS 17.4. Apple no longer supports iOS 16 on devices starting with the iPhone X, so if you don't upgrade, you'll be open to attack.

Update: Details on Apple security fixes, more devices patched

On March 7, Apple released details of security issues fixed in iOS 17.4 and updates for other devices. It's not clear why these weren't listed in the original iOS 17.4 release, but it's clear that Apple highlighted flaws that were already being exploited to signal to people the urgency of upgrading.

In addition to the three issues that Apple originally detailed as being patched in iOS 17.4, the iPhone maker has listed nearly 40 fixes on its security page. That may sound like a big number, but it's normal for big point upgrades like iOS 17.4.

As part of the iOS 17.4 patch list, Apple fixed a whopping six flaws in WebKit, the engine that powers the Safari browser. One of the issues, tracked as CVE-2024-23226, could potentially lead to arbitrary code execution through processing of malicious web content. CVE-2024-23284 and CVE-2024-23263 could prevent the enforcement of content security policies by processing malicious web content.

Two more iPhone kernel flaws were fixed in iOS 17.4. The first could allow the app to access sensitive user data, and the second could allow the app to cause an unexpected system termination or write to kernel memory.

A severe issue in libxpc could allow an app to escape from the sandbox, and a second flaw could allow an app to execute arbitrary code from the sandbox or with certain elevated privileges. Meanwhile, an issue in the sandbox itself, tracked as CVE-2024-23239, could allow the app to leak sensitive user information.

A bug in ImageIO, tracked as CVE-2024-23286, could lead to arbitrary code execution. On the other hand, an image processing issue tracked as CVE-2024-23270 could allow an app to execute arbitrary code with kernel privileges.

Also on March 7, Apple released Safari 17.4 for the browser, including several WebKit patches, and macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4, watchOS 10.4, and tvOS 17.4 for Apple Vision Pro. , published visionOS 1.1. .

Updates to macOS, watchOS, tvOS, and visionOS contain issues that have already been exploited in the kernel and RTKit, so it makes sense to treat them as emergencies and update your devices as soon as possible.

Why you should update to iOS 17.4 now

Apple's iOS 17.4 includes significant changes that open up iPhones to sideloading for EU users. It also includes some great new features, including updates to stolen device protection that enable security delays everywhere.

Meanwhile, the iOS 17.4 upgrade also includes updates to iMessage that improve the security and privacy of your iPhone. Apple says the move to add the PQ3 messaging protocol will help it pre-empt future security threats such as quantum-based attacks.

With so many issues fixed and two of the flaws already being used in attacks, it goes without saying that if you care about security, you should update to iOS 17.4 now.

what are you looking for? iPhone's[設定]>[一般]>[ソフトウェア アップデート]Go to and download and install iOS 17.4 as soon as possible.

