Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS.

Especially important are the updates for iOS and iPadOS, which tackle vulnerabilities that could potentially leak sensitive user information. You should make sure you update as soon as you can.

To check if you’re using the latest software version, go to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Technical details

Noteworthy are four vulnerabilities in Siri and another vulnerability in Accessibility which would allow an attacker with physical access to view sensitive user information. This may not seem very urgent at first, but if your device gets stolen, the thief can learn things about you, which is far from ideal.

These are some of the vulnerabilities that jumped out at us.

CVE-2024-44274: a vulnerability in Accessibility that could allow an attacker with physical access to a locked device to view sensitive user information. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1 with improved authentication.

CVE-2024-44282: a vulnerability in Foundation where parsing a file could lead to disclosure of user information. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, and visionOS 2.1 by improved input validation. Foundation is a fundamental framework that offers a base layer of functionality for Apple’s operating systems. Among other things, it is responsible for file system access.

CVE-2024-40867: a vulnerability in iTunes caused by a custom URL scheme handling issue that could be used by an attacker to break out of the Web Content sandbox. This issue is fixed in iOS 18.1 and iPadOS 18.1 by improved input validation. Breaking out of the Web Content sandbox allows a malicious website or attacker to potentially access sensitive data, control other parts of the system, and compromise the overall security of the device beyond the intended limitations of the web browser.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.