Apple has released iOS 17.3, along with a warning to update now. That’s because iOS 17.3 fixes 16 security issues, one of which is already being used in real life attacks.
Apple doesn’t give much detail about what’s fixed in iOS 17.3, to allow as many iPhone users as possible to update their devices before more attackers can get hold of the details.
Tracked as CVE-2024-23222, the already-exploited issue in iOS 17.3 is a vulnerability in WebKit, the engine that underpins Apple’s Safari browser, that could allow an attacker to execute code. “Apple is aware of a report that this issue may have been exploited,” the iPhone maker said on its support page.
Apple also fixed three more WebKit flaws as part of the iOS 17.3 security upgrade, two of which could lead to code execution. Another iOS 17.3 fix worth noting is a Kernel flaw tracked as CVE-2024-23208, which could allow an adversary to execute arbitrary code with Kernel privileges via an app.
The iOS 17.3 security fixes come after Apple has issued several emergency updates, some of which patch flaws being used in spyware attacks. These see adversaries compromise iPhones via so-called “zero-click” attacks requiring no interaction from the user, often utilising flaws in WebKit.
It is unusual for Apple to include an urgent fix—ie one that’s already being used in attacks—as part of a major point upgrade such as iOS 17.3. This could be due to a number of things, but it’s probably just coincidental timing.
Why You Should Update To iOS 17.3 Now
Apple’s iOS 17.3 update is a big upgrade for features too, with Apple finally releasing Stolen Device Protection to prevent thieves from accessing your data if they manage to get hold of your device.
The security fixes alone make updating to iOS 17.3 a no-brainer, especially if you own a device that can run iOS 17. That’s because Apple no longer supports newer devices with iOS 16 security updates. It’s a different story if you own an older iPhone that can’t run iOS 17—Apple has also released iOS 16.7.5 and iOS 15.8.1 to keep your device secure.
The flaws fixed in iOS 17.3 are serious and the fact the WebKit issue is already being exploited makes the update particularly urgent. Sean Wright, head of application security at Featurespace warns that the Kernel-based vulnerability could “be chained with the WebKit vulnerabilities” to allow an attacker to gain control of their victim’s device remotely.
So you know what to do. Go to your iPhone’s Settings > General > Software Update and download and install iOS 17.3 now.
