iOS 17.3—Update Now Warning Issued To All iPhone Users

Apple has released iOS 17.3, along with a warning to update now. That’s because iOS 17.3 fixes 16 security issues, one of which is already being used in real-life attacks.

Apple doesn’t give much detail about what’s fixed in iOS 17.3, to allow as many iPhone users as possible to update their devices before more attackers can get hold of the details.

Tracked as CVE-2024-23222, the already-exploited issue in iOS 17.3 is a vulnerability in WebKit, the engine that underpins Apple’s Safari browser, that could allow an attacker to execute code. “Apple is aware of a report that this issue may have been exploited,” the iPhone maker said on its support page.

Apple also fixed three more WebKit flaws as part of the iOS 17.3 security upgrade, two of which could lead to code execution. Another iOS 17.3 fix worth noting is a Kernel flaw tracked as CVE-2024-23208, which could allow an adversary to execute arbitrary code with Kernel privileges via an app.

The iOS 17.3 security fixes come after Apple has issued several emergency updates, some of which patch flaws being used in spyware attacks. These see adversaries compromise iPhones via so-called “zero-click” attacks requiring no interaction from the user, often utilising flaws in WebKit.

It is unusual for Apple to include an urgent fix, i.e. one that’s already being used in attacks, as part of a major point upgrade such as iOS 17.3. This could be due to a number of things, but it’s probably just coincidental timing.

Reasons To Update To iOS 17.3 Now

Apple’s iOS 17.3 update is a big upgrade for features too, with Apple finally releasing Stolen Device Protection to prevent thieves from accessing your data if they manage to get hold of your device.

The security fixes alone make updating to iOS 17.3 a no-brainer, especially if you own a device that can run iOS 17. That’s because Apple no longer supports newer devices with iOS 16 security updates.

Other iPhone Updates Issued Alongside iOS 17.3

Apple has also issued other updates alongside iOS 17.3 for users of older iPhones. First up is iOS 16.7.5, a security-only update for iPhone users whose devices can’t upgrade to iOS 17.3—the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

The iOS 16.7.5 update fixes eight security issues, one of which is the WebKit flaw tracked as CVE-2024-23222 also patched in iOS 17.3, which Apple said is already being used in attacks. The update fixes a further three WebKit issues, as well as vulnerabilities in Safari, ImageIO, Apple Neural Engine and Accessibility.

Meanwhile, if your iPhone is really old—listed by Apple as the iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)—Apple has released iOS 15.8.1 and iPadOS 15.8.1. The iPhone update fixes two WebKit security issues—both already being used in attacks. Tracked as CVE-2023-42916, the first flaw could see a user disclose sensitive information if they process malicious web content. Tracked as CVE-2023-42917, the second issue could result in arbitrary code execution.

In both cases, Apple said it “is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.”

The vulnerabilities fixed in iOS 15.8.1 were reported to Apple by Clément Lecigne of Google’s Threat Analysis Group, which often discovers iPhone attacks utilising spyware. It goes without saying that if you own an older iPhone, you should make sure you update now to the latest software.

Why The iOS 17.3 Update Is Urgent

The flaws fixed in iOS 17.3 are serious, and the fact that the WebKit issue is already being exploited makes the update particularly urgent. Sean Wright, head of application security at Featurespace, warns that the Kernel-based vulnerability could “be chained with the WebKit vulnerabilities” to allow an attacker to gain control of their victim’s device remotely.

So you know what to do. Go to your iPhone’s Settings > General > Software Update and download and install iOS 17.3 now.

Update 01/24 at 05:00 EST. This article was first published on 01/22 at 02:43pm EST. Updated to include information about the iOS 16.7.5 and iOS 15.8.1 updates released alongside iOS 17.3.
