![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/02\/Apple-software-update-red-critical-urgent-600x300-1.png\")
<\/p>\n<\/p>\n
On Tuesday, March 5, Apple released significant operating system updates for iPhone and iPad. The iOS 17.4 and iPadOS 17.4 updates include new features as well as critical security updates. Let’s explore everything you should know about what Apple changed.<\/p>\n
Update: Apple released updates for macOS, etc. on Thursday, March 7.<\/a> <\/strong>Now that Apple has released more details about the iOS security updates, we’ve noted this below.<\/p>\n In this article:<\/em><\/p>\n Available for:<\/strong> Apple’s iOS 17 release notes<\/a> detail a number of significant changes, including the following.<\/p>\n There are other significant changes in iOS 17.4 that Apple did not mention in its release notes. Exclusively in EU countries (due to the new Digital Markets Act), iOS 17 now supports third-party app stores<\/a>. Additionally, browsers can use their own rendering engines<\/a>, just like on desktop computers and Android phones; Apple no longer forces developers to use its WebKit engine on iOS. These changes are notably absent from iPadOS 17.4 because the European Commission has not declared iPads to be subject to the DMA. And, of course, non-EU countries do not get these changes, either.<\/p>\n On the company’s security release notes page<\/a>, Apple links to details<\/a> about some of the security issues patched in iOS and iPadOS 17.4:<\/p>\n Accessibility<\/strong><\/p>\n Impact: An app may be able to read sensitive location information<\/p>\n Description: A privacy issue was addressed with improved private data redaction for log entries.<\/p>\n CVE-2024-23243: Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania<\/p>\n <\/p>\n Kernel<\/strong><\/p>\n Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited<\/span><\/strong>.<\/p>\n Description: A memory corruption issue was addressed with improved validation.<\/p>\n CVE-2024-23225<\/p>\n <\/p>\n RTKit<\/strong><\/p>\n Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited<\/span><\/strong>.<\/p>\n Description: A memory corruption issue was addressed with improved validation.<\/p>\n CVE-2024-23296<\/p>\n <\/p>\n Safari Private Browsing<\/strong><\/p>\n Impact: A user’s locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled<\/p>\n Description: A logic issue was addressed with improved state management.<\/p>\n CVE-2024-23256: Om Kothawade<\/p><\/blockquote>\n Notably, Apple states that “Additional CVE entries [are] coming soon.” Apple will probably release this additional information alongside the forthcoming releases of macOS Sonoma 14.4, tvOS 14.4, and watchOS 10.4.\u00a0Update:\u00a0<\/strong>Apple updated its other operating systems<\/a>, and the total number of CVEs addressed in iOS 17.4 now appears to be 39.<\/p>\n Apple also acknowledged that iOS and iPadOS 17.4 include security or privacy improvements related to AirDrop, Mail Conversation View, NetworkExtension, and Settings. The company did not specify CVE numbers or additional details, other than the names of contributors who offered Apple assistance. Update:<\/strong> Apple added several more “Additional recognitions” for iOS 17.4 upon the release of macOS Sonoma 14.4<\/a>.<\/a><\/p>\n Available for:<\/strong> Apple released a security-only update for iOS and iPadOS 16 for older devices that the 17 versions do not support. However, as is typical, Apple did not patch all security flaws for the older operating systems. While the 17 versions address at least four vulnerabilities with CVE numbers, and at least four other security issues for which Apple didn’t assign CVEs, iOS and iPadOS 16.7.6 only address the “exploited” kernel vulnerability, CVE-2024-23225<\/strong>.<\/p>\n Intego has reached out to Apple seeking clarification whether CVE-2024-23296 (the “exploited” RTKit issue) or CVE-2024-23243 (the Accessibility privacy issue) impact iOS or iPadOS 16. If Apple responds (which is unlikely, based on Apple’s track record), we will update this article.<\/p>\n CVE-2024-23256 (the Safari Private Browsing issue) does not apply to iOS or iPadOS 16; Apple introduced Locked Private Browsing in iOS and iPadOS 17.<\/p>\n Update:<\/strong> After releasing a related round of updates for its other operating systems<\/a>, the total number of patches for iOS 16.7.6<\/a> now appears to be 19. Note that this is significantly fewer than the 39 vulnerabilities that Apple addressed in iOS 17.4.<\/a><\/p>\n Due to the severity and in-the-wild exploitation of two of the vulnerabilities, it is ideal to update as soon as you can.<\/p>\n On your iPhone or iPad<\/strong>, you can go to Settings<\/strong> > General<\/strong> > Software Update<\/strong> to update iOS or iPadOS. (Apple calls this an “over the air” or OTA update.) Alternatively, you can connect your device to your Mac, click on the device name in a Finder window sidebar, and check for updates there. You can also back up and update your device by connecting it to a Windows PC and using the Apple Devices app<\/a> from the Microsoft Store.<\/p>\n Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data<\/strong> before installing any updates. This gives you a restore point if something does not go as planned. See our article on how to back up your iPhone or iPad to iCloud and to your Mac<\/a>.<\/p>\n\n
iOS 17.4 and iPadOS 17.4<\/h3>\n
\niPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later<\/p>\nNon-security changes in iOS 17.4 and iPadOS 17.4<\/strong><\/h4>\n
\n
Security fixes and improvements in iOS 17.4 and iPadOS 17.4<\/strong><\/h4>\n
iOS 16.7.6 and iPadOS 16.7.6<\/h3>\n
\niPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation<\/p>\nHow to install Apple security updates<\/h3>\n