iOS 18.2 – Update Now Warning to all iPhone users

iOS 18.2 – Update Now Warning to all iPhone users

Update December 12, 2024: This story, originally published on December 11, now contains details about the password bug fixed in iOS 18.2, as well as other updates released by Apple.

Apple has released iOS 18.2, along with the first major Apple Intelligence features and 21 security updates that you should apply to your iPhone now.

Many iPhone users will see iOS 18.2 as a reason to update to iOS 18, and the security fixes in this version should further increase the incentive. The iOS 18.2 upgrade includes important fixes to the iPhone kernel as well as WebKit, the engine that powers the Safari browser – and patches for bugs that could allow an attacker to execute code on your device.

With the release of iOS 18.2, Apple is discontinuing the ability to decide whether to upgrade to iOS 18.

In addition to iOS 18.2, Apple also released iOS 17.7.3 for users of older devices and fixed a list of 14 vulnerabilities. However, keep in mind that the list of compatible devices is much smaller than previous iOS 17 updates – Apple’s iOS 17.7.3 is for the 2nd generation iPad Pro 12.9-inch, iPad Pro 10.5-inch, and iPad 6th generation available.

This indicates that Apple is no longer giving you the option to stay on iOS 17 if you have an iOS 18 compatible device. If you stay on iOS 17, it means you are no longer safe.

What was fixed in iOS 18.2?

Apple isn’t providing many details about the bugs fixed in iOS 18.2 to give iPhone users as much time as possible to update before criminals can get their hands on the details.

The issues fixed in iOS 18.2 include three kernel bugs called CVE-2024-54494, CVE-2024-54510, and CVE-2024-44245. The latter could allow an app to cause an unexpected system shutdown or kernel memory corruption, according to Apple’s support page.

An issue in libexpat, tracked as CVE-2024-45490, is particularly concerning because a remote attacker could detect it causing an unexpected app termination or executing code.

Apple’s iOS 18.2 also fixes two vulnerabilities in libxpc, one of which could allow an app to gain elevated privileges.

iOS 18.2 fixed four vulnerabilities in WebKit that caused memory corruption when tricked into interacting with malicious web content.

A password flaw, tracked as CVE-2024-54492 and reported by researchers at Mysk, could also be a cause for concern. Using the vulnerability patched in iOS 18.2, an attacker in a privileged network position could be able to manipulate network traffic, according to Apple’s description.

The problem was resolved by using the secure web protocol HTTPS when sending information over the network. “Since the launch of iOS 18, the new password app uses unencrypted HTTP to download symbols for password inputs – a potential risk,” Mysk researchers said.

Sean Wright, head of application security at Featurespace, highlights the password vulnerability, calling the use of HTTP instead of HTTPS “somewhat concerning.”

He advises “updating as soon as possible” and highlights the benefits of the new Apple Intelligence features.

More Apple patches have been released alongside iOS 18.2

In addition to iOS 18.2 and iOS 17.7.3, Apple released Safari 18.2, which fixes four WebKit issues and one Safari bug. The iPhone maker also released macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, watchOS 11.2, tvOS 18.2 and visionOS 2.2.

ForbesNew iPhone Spyware Warning – Here’s What You Need to Do

Why you should update to iOS 18.2 now

The security updates alone and the fact that you can’t stay on iOS 17 and stay safe should be enough to convince you to upgrade to iOS 18.2 now. But Apple’s iOS 18.2 also includes a number of very cool features, including the ability to use OpenAI’s ChatGPT, which is now integrated into Siri for the first time.

Apple’s iOS 18.2 is for iPhone higher available. and iPad mini 5th generation and later.

So what are you waiting for? Go to your Settings > General > Software Update and update to iOS 18.2 as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *