iOS 17.4 Fixes Two Big iPhone Security Flaws

iOS 17.4 Fixes Two Big iPhone Security Flaws

On Tuesday, Apple released iOS 17.4 and iPadOS 17.4 for compatible iPhones and iPads. It’s a substantial update—at least if you live in the E.U., where it introduces third-party app stores and non-WebKit web browser support—but the rest of the world gets some cool new features, too, from automatic transcripts in Apple Podcasts to 118 new emojis.

However, new features are far from the only reason you should prioritize this update for your iPhone or iPad. In fact, you should update your Apple devices as soon as possible, since iOS and iPadOS 17.4 also patch two big zero-day security vulnerabilities.

Security updates in iOS and iPadOS 17.4

While new Apple software updates usually come with release notes—a list of features, changes, and bug fixes in the update—the company is usually slower to release an update’s security notes. In the hours after 17.4’s release, Apple finally issued its security notes, detailing the four security patches it includes for your iPhone or iPad.

Two of these patches aren’t quite as serious: One is a fix for an Accessibility flaw that could allow an app to read sensitive location information, while the other is a fix for a Safari Private Browsing flaw that could reveal your locked tabs while switching tab groups in private browsing.

However, the other two vulnerabilities are much more important to address. Both fixes, one for a Kernel (the core of iOS and iPadOS) flaw and one for an RTKit (the platform for controlling iOS and iPadOS’ time functionality) flaw, allow an attacker to bypass kernel memory protections, which would allow them to take over the memory allocated to your iPhone or iPad’s most basic OS functions.

Aside from being a scary prospect, these two vulnerabilities are especially serious because Apple confirmed that there are known exploits for them in the wild. That means someone, somewhere not only knows about these two flaws, but has taken advantage of them. That makes it imperative for all of us with one of these Apple devices to update as soon as possible.

The Kernel flaw in particular is so severe, Apple also issued updates for iOS and iPadOS 16.7.6 for iPhone 8 and newer. They also seeded iOS and iPadOS 15.8.2 for iPhone 6S and newer, but did not issue security notes, so we can’t say what exactly those updates patch.

How to update your iPhone or iPad to protect your devices

Whether you’re running iOS 17, iOS 16, or iOS 15, you should update your iPhone or iPad immediately. To do so, head to Settings > General > Software Update. Allow your device to look for the new update, then, when available, follow the on-screen instructions to download and install the latest version. If you have Automatic Updates enabled, your device may update on its own when connected to power and wifi, but this can take some time. The fastest way to update is to do so manually.

The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.