Another big reason to install iOS 17.4 right now – it fixes two major security threats

Apple has just launched iOS 17.4, and right now everyone’s attention is focused on how it lets you run third-party app stores on your iPhone – although only if you're in the European Union. But there’s another important reason you should upgrade: it fixes two extremely serious security flaws.

In a new security post (via BleepingComputer), Apple says that iOS 17.4 and iPadOS 17.4 resolve two zero-day bugs in the iOS kernel and Apple’s RTKit that might allow an attacker to bypass your device’s kernel memory protections. That could potentially give malicious actors very high-level access to your device, so it’s imperative that you patch your iPhone as soon as possible by opening the Settings app, going to General > Software Update and following the on-screen instructions.

These issues are not just hypothetical; Apple says it is “aware of a report that this issue may have been exploited” in both cases, and if a zero-day flaw has been actively exploited it means hackers have been able to take advantage of these issues without anyone knowing. With that in mind, there’s every reason to update your device now that Apple has issued a set of fixes.

Apple says the bugs affect a wide range of devices: the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. In other words, a lot of people are potentially impacted.

Actively exploited

holding an iphone

(Image credit: Shutterstock)

Zero-day flaws like these are usually exploited in targeted attacks, often by sophisticated state-sponsored groups. Apple didn’t share any details of how or when these vulnerabilities were put to nefarious use, nor whether they were discovered by Apple’s own security teams or by external researchers.

Apple devices are known for their strong defenses, but are increasingly falling under hackers’ crosshairs. Recent research suggests that there were 20 active zero-day flaws targeting Apple products in 2023 – double the number of the previous year. According to BleepingComputer, three zero-day attacks on Apple devices have been patched so far in 2024.

This kind of exploit demonstrates why it’s so important to keep all of your devices updated with the latest patches, especially if they include security fixes. Leaving yourself vulnerable is a dangerous gamble when there are extremely sophisticated hacking groups out there in the wild. With that in mind, make sure you download the latest iOS 17.4 update as soon as you can.

You might also like

TechRadar – All the latest technology news

Read More

Microsoft has uncovered loads of Windows 11 security threats – here’s what you need to do

Microsoft has revealed that it has discovered several serious security vulnerabilities in Windows 11, as well as other versions including Windows 10.

The revelations came as part of January 2022’s ‘Patch Tuesday’ – the day of the month that Microsoft releases a swathe of patches to fix issues in its software.

While many of the vulnerabilities, which don’t just affect new versions of Windows, but also older versions such as Windows 8, Windows 7 and Windows Server 2019, were fixed with patches, six of the threats were highlighted as zero day threats.

While many security vulnerabilities are thankfully found and fixed before malicious users find and exploit them, zero day threats are vulnerabilities that are already out in the wild, which means they are particularly worrying.

In total, Microsoft announced the existence of 97 new exploits – which is certainly a troubling number. As a report in Forbes explains, Microsoft has limited the information about the zero day exploits to ensure it has time to address them before they are exploited. Microsoft believes that so far, there have not been any attacks using the vulnerabilities. Obviously, though, time is of the essence.

The zero day vulnerabilities are:

  • Critical – CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability
  • Important – CVE-2021-36976 – Libarchive Remote Code Execution Vulnerability
  • Important – CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability
  • Important – CVE-2022-21836 – Windows Certificate Spoofing Vulnerability
  • Important – CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability
  • Important – CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability (limited to Windows 10 and Windows Server 2019)

Of the 97 vulnerabilities, eight are labeled as ‘critical’, with 88 labeled as ‘important’. This means they are particularly dangerous, so users should make sure they are protected against them as soon as possible.

What should you do?

Microsoft’s warning is certainly troubling, but there’s no need to panic, as long as you take some precautionary steps. While the zero day threats are in the wild, they’ve not been used and Microsoft is actively working on fixes.

Meanwhile, it has also created patches for many of the other vulnerabilities. So, the best thing you can do right now is ensure that Windows 11 (or whichever version you have installed) is updated with the latest security patches.

They should download automatically, and If that’s the case you may see a prompt in the taskbar to restart your PC. You may also notice when you go to turn off your PC that there are options to ‘Update and restart’ and ‘Update and shut down’ – make sure you pick one of those.

You should also check to make sure there are no updates waiting for you. To do this, open up Settings and go to Windows Update > Check for Updates. If any are found, download and install them.

If you have any anti-virus or anti-malware software installed, make sure they are updated as well.

Hopefully Microsoft will continue to investigate and fix these vulnerabilities ASAP.

TechRadar – All the latest technology news

Read More