Apple has released iOS 18, addressing a total of 32 security vulnerabilities across various components of its operating system.
This comprehensive update is available for iPhone XS and later models, as well as iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Several of the vulnerabilities addressed were particularly concerning due to their potential impact on user privacy and security.
Vulnerabilities Patched
For instance, in the Siri vulnerability, an attacker with physical access could use Siri to access sensitive user data and contacts from the lock screen. This was fixed through improved state management and checks (CVE-2024-40840, CVE-2024-44139, CVE-2024-44180)
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
Moreover, vulnerabilities (CVE-2024-44202 & CVE-2024-44127) in Safari Private Browsing were identified, where private browsing tabs could be accessed without authentication. These issues have been resolved through improved state management, ensuring that private browsing sessions remain secure.
Additionally, several vulnerabilities were found in various system components, including Core Bluetooth, FileProvider, and WebKit.
These issues could have allowed malicious apps to access sensitive user data, bypass pairing requirements for Bluetooth devices, and even lead to universal cross-site scripting attacks. Apple has addressed these vulnerabilities through improved state management, input validation, and bounds checking.
Other notable fixes include issues with the Kernel, where network traffic could leak outside a VPN tunnel, and with libxml2, where processing maliciously crafted web content could lead to unexpected process crashes. These issues have been addressed through improved checks and input validation.
The update also includes fixes for vulnerabilities in Accessibility features, Game Center, ImageIO, and Wi-Fi, among others. These fixes are crucial in preventing unauthorized access to user data and ensuring the overall security of Apple devices.
Users are strongly advised to update their devices to iOS 18 as soon as possible to protect against these vulnerabilities. Apple’s commitment to addressing security issues promptly underscores its dedication to user safety and privacy.
To update your device to iOS 18, go to Settings > General > Software Update. Follow the instructions to download and install the update. This will ensure that your device is protected against the vulnerabilities addressed in this release.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial