Regain clarity with CleanMyPhone by MacPaw — the new AI-powered cleaning app that quickly identifies and removes blurred images, screenshots, and other clutter from your device. Download it now with a free trial.
iOS 17.4 is here for all users and comes with lots of changes including new emoji, a CarPlay update, EU App Store changes, quantum security for iMessage, and more. However, there are also important security fixes with the release. Here are all the details.
Update 3/7/24: Apple has updated the list of security fixes for iOS 17.4 pushing it from 4 to over 40 patches.
Just after launching iOS 17.4 for all users today, Apple shared the specifics of the important security fixes on its website.
2 reportedly exploited flaws patched and more
- A kernel flaw was patched that allowed attackers to “bypass kernel memory protections.”
- Apple is aware of a report this flaw was actively exploited
- An RTKit flaw also allowed malicious parties to “bypass kernel memory protections.”
- Apple is aware of a report this flaw was actively exploited
The remaining two flaws were for Accessibility which allowed an app to “read sensitive location information and Safari Private Browsing which may have shown locked tabs as visible for a short time.
Here are the full security release notes:
Additional CVE entries coming soon.
Accessibility
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-23243: Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Description: A memory corruption issue was addressed with improved validation.
CVE-2024-23225
RTKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Description: A memory corruption issue was addressed with improved validation.
CVE-2024-23296
Safari Private Browsing
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A user’s locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled
Description: A logic issue was addressed with improved state management.
CVE-2024-23256: Om Kothawade
Additional recognition
AirDrop
We would like to acknowledge Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania for their assistance.
Mail Conversation View
We would like to acknowledge an anonymous researcher for their assistance.
NetworkExtension
We would like to acknowledge Mathy Vanhoef (KU Leuven University) for their assistance.
Settings
We would like to acknowledge Christian Scalese, Logan Ramgoon, Lucas Monteiro, Daniel Monteiro, Felipe Monteiro, and Peter Watthey for their assistance.
FTC: We use income earning auto affiliate links. More.
Comments