Apple has just released iOS 17.6 and urges all iPhone users to update immediately. This latest update addresses significant security vulnerabilities, fixing 35 critical security holes in Apple’s iPhone operating system.
Although Apple has not provided detailed descriptions of the fixes in iOS 17.6, this is a strategic move to ensure as many users as possible update their devices before malicious actors can exploit the information.
According to Apple’s support page, iOS 17.6 resolves issues within the Kernel, the core of the iPhone’s operating system, and several flaws in WebKit, the engine behind the Safari browser.
The release of iOS 17.6 has been highly anticipated, with the previous major security update, iOS 17.5, being issued in mid-May.
Key Security Fixes in iOS 17.6
Among the most notable fixes in iOS 17.6 are two Kernel vulnerabilities, identified as CVE-2024-27863 and CVE-2024-40788.
The first vulnerability could allow an attacker to determine the Kernel memory layout, while the second could cause unexpected system shutdowns. Both of these vulnerabilities require physical access to the iPhone.
Additionally, the update addresses eight significant issues in WebKit, including CVE-2024-40785, which could lead to a cross-site scripting attack through malicious web content.
Sean Wright, head of application security at Featurespace, emphasises the importance of this update, stating that the Kernel vulnerabilities “could be combined with other vulnerabilities to compromise the entire device.”
Suzan Sakarya, senior manager of EMEIA security strategy at Jamf, also underscores the critical nature of these updates, noting that the WebKit vulnerabilities could result in cross-site scripting attacks and unexpected process crashes.
Additional Apple Security Updates
In conjunction with iOS 17.6, Apple has also released iOS 16.7.9 for older iPhones, addressing a smaller set of security issues.
Safari 17.6 has been updated to fix multiple WebKit vulnerabilities. MacOS Sonoma 14.6, macOS Ventura 13.6.8, macOS Monterey 12.7.6, watchOS 10.6, and tvOS 17.6 have also received updates to fix numerous flaws, including those in WebKit, the Kernel, Image IO, and Keychain.
The latest update for Apple’s mixed reality headset, visionOS 1.3, addresses over a dozen vulnerabilities.
Why Updating to iOS 17.6 is Crucial Now
While these vulnerabilities haven’t been exploited in actual attacks yet, some of the security issues addressed in iOS 17.6 are very serious.
If an attacker were to gain control of the Kernel, they could potentially take over your iPhone.
Given the severity of these issues, Wright advises users not to panic but to “update as soon as you can.”
Another reason to update to iOS 17.6 is that it might be the last major update before Apple releases iOS 18 in September. Some users might hesitate to update to iOS 18 immediately, preferring to wait for initial bugs to be resolved in subsequent updates.
Apple typically continues to provide important security fixes for its legacy operating systems for a short period after a major release, but these fixes are not as comprehensive as those for the latest version.
iOS 17.6 is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (2nd generation and later), iPad Pro 10.5-inch, iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (6th generation and later), and iPad mini (5th generation and later).
Updating to iOS 17.6 now will ensure your iPhone remains secure while waiting for iOS 18. To update, go to Settings > General > Software Update and install iOS 17.6 now. Don’t delay—protect your device today.