updated on July 31 to include information about other updates released concurrently with the latest CISA advisory regarding iOS 17.6.
Apple has released iOS 17.6 and advised users to update immediately. This is due to the fact that iOS 17.6 includes a whopping 35 security updates for significant flaws in Apple’s iPhone operating system.
In order to encourage as many users to update as soon as possible—before hackers have a chance to obtain the information—Apple withholds information about the specific fixes included in iOS 17.6. Nevertheless, the list on Apple’s support page indicates that iOS 17.6 fixes multiple issues with WebKit, the engine that powers the Safari browser, as well as faults with the Kernel, which powers the iPhone operating system.
It has taken a while for the iOS 17.6 update to arrive. Midway through May, Apple released iOS 17.5, the final significant security upgrade.
Updates for Security in iOS 17.6
Among the noteworthy updates is iOS 17.6, which addresses two Kernel problems identified as CVE-2024-27863 and CVE-2024-40788. According to Apple’s support page, the first bug might let an opponent figure out the kernel memory structure, while the second might let an attacker take advantage of an unexpected system shutdown. For an attacker to exploit either vulnerability, your iPhone must be physically accessible to them.
Additionally, the iOS 17.6 update fixes eight WebKit vulnerabilities, including CVE-2024-40785, which, if you were to fall victim to maliciously created online content, could lead to a cross-site scripting attack.
“Some serious vulnerabilities” have been fixed in Apple’s iOS 17.6, according to Sean Wright, head of application security at Featurespace. “Could be chained together with other vulnerabilities to allow the entire device to be compromised,” he cautions regarding the Kernel issues.
According to Suzan Sakarya, senior manager of EMEIA security strategy at security firm Jamf, “Apple’s latest OS updates—which include iOS 17.6 and iPadOS 17.6—contain important security content addressing critical vulnerabilities that put users and organizations at risk.”
According to her, the most recent WebKit issues may result in unexpected process crashes and cross-site scripting attacks.
Several updates to Apple’s security In addition to iOS 17.6
Apple also published iOS 16.7.9 for older iPhones, which addresses a fewer number of security issues, along with iOS 17.6.
Additionally, Apple released Safari 17.6, which resolved several WebKit bugs. Meanwhile, other bugs have been fixed in macOS Sonoma 14.6. These include problems with WebKit, the Kernel, Image IO, and the Keychain.
In addition, the iPhone manufacturer fixed numerous bugs with the release of macOS Ventura 13.6.8, macOS Monterey 12.7.6, watchOS 10.6, and tvOS 17.6. More than a dozen vulnerabilities have been fixed in Apple’s most recent visionOS 1.3 upgrade for mixed reality headsets.
In a separate notice, the U.S. Cybersecurity and Infrastructure Agency advises administrators and users to update to iOS 17.6 immediately. The other Apple releases, such as iOS 16.7.9, tvOS 17.6, watchOS 10.6, Safari 17.6, and MacOS Sonoma 16.6, are also listed in CISA.
The Kernel weaknesses that might allow an adversary to take control of your iPhone or other Apple device seem to be of particular concern to CISA. These problems require a “local attacker” to be physically close to your device in order to occur. On the other hand, hackers might combine these with additional security flaws to remotely access your computer.
According to CISA’s advisory, “Apple released security updates to address vulnerabilities in watchOS, tvOS, Safari, iOS, iPadOS, macOS, and visionOS.” Some of these vulnerabilities could be used by a cyber threat actor to gain control of a compromised machine. The following warnings should be reviewed by users and administrators, and any necessary changes should be applied.
Even though none of the vulnerabilities have been exploited in actual attacks as of yet, iOS 17.6 addresses a number of extremely dangerous security holes. An attacker might be able to take control of your iPhone if they managed to take over the Kernel.
Wright notes that while there’s no need to worry, it’s a good idea to “update as soon as you can” in light of this.
This update to iOS 17.6 may be the final one before Apple launches iOS 18 in September, which is another reason to do it now. Because they would like to wait a few point updates for the early flaws to be fixed, some Apple consumers may be hesitant to update to iOS 18.
Because it is aware of this, Apple typically provides critical security patches for a month or so after releasing a significant update for its older operating system. On the most recent iPhone operating system, you are always more secure because these fixes are not as comprehensive.
The iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and after, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later are all compatible with Apple’s iOS 17.6 update. The iPhone XS and later are not supported.
Updating to iOS 17.6 right now will make sure your iPhone is as safe as possible while you wait for the iOS 18 upgrade, which is a long way off. Why do you wait? To update to iOS 17.6, navigate to Settings > General > Software Update on your iPhone.