US cybersecurity officials are urging millions of Americans to update their Apple devices immediately to avoid potential hacking threats.
The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that users upgrade to the latest iOS version right away.
The iOS 17.6 update, released on Monday, includes 35 security patches designed to safeguard users from hackers who might steal personal data, track locations, or gain control of their iPhones.
This update applies to all iPhone Xs, Xs Max, and XR models released from 2018 onward.
One of the fixes addresses a vulnerability in the iPhone’s operating system that allowed hackers to crash the software and another that let apps ignore user privacy settings.
Despite Apple’s upcoming release of iOS 18, experts stress that the iOS 17.6 update should not be overlooked.
Although Apple hasn’t detailed the specific security flaws, it has indicated that two critical issues were found in the Kernel, the core of the iPhone’s operating system. The first (CVE-2024-27863) allowed cybercriminals to view the phone’s memory layout, while the second (CVE-2024-40788) could force the device to shut down.
Both Kernel vulnerabilities gave hackers potential full access to the iPhone.
Sean Wright, head of application security at Featurespace, told Forbes that these Kernel flaws “could be combined with other vulnerabilities to fully compromise the device.”
Additionally, WebKit, the engine behind Safari, received eight security updates to address issues that could let hackers execute cross-site scripting attacks, tricking users into visiting malicious web content.
Phishing links could then lead to malware being installed, which could steal sensitive information or track phone activity, and potentially deceive users into providing personal details such as login credentials, credit card information, and social security numbers.
While Apple has not disclosed the exact security issues, it stated that it would not reveal details until investigations and patches are in place. This approach helps prevent exploitation of the vulnerabilities before users can update their devices.
Apple also highlighted that the iOS 17.6 update fixes a Siri security flaw that previously allowed attackers to bypass protections and access sensitive information via the personal assistant. It also addresses a “Family Sharing” issue where hackers could obtain sensitive location data through certain apps.
There’s currently no evidence that these vulnerabilities have been exploited, but experts advise updating without delay.
Wright advised Forbes that while there’s no need for panic, users should “update as soon as possible.”
With iOS 18 set for release in mid to late September, users should update to iOS 17.6 now by going to the general settings on their device and selecting “upgrade to iOS 17.6.”