Apple’s latest major update, iOS 18, has finally been available to the general public since Monday. While it brings its share of new features, it also fixes many important security flaws that are recommended to be taken into account quickly. Those who prefer iOS 17 have the same fixes on iOS 17.7.
As with every major iOS update, version 18 fixes security issues at the heart of the operating system. Many of the flaws fixed Monday allowed attackers, applications or unauthorized users to access sensitive personal data such as contacts or photos.
Multiple vulnerabilities related to accessibility options have been addressed that allowed attackers with physical access to the locked device to retrieve sensitive information, either via Siri or by controlling nearby devices. Apple has strengthened state management to address these issues.
Control Center also had a flaw that allowed apps to record your screen without showing the proper indicator in the status bar, so you might not be aware that a recording was in progress. Additional checks in iOS 18 fix this.
Denial of service attacks prevented
Some of the now-patched vulnerabilities allowed malicious actors to perform denial-of-service (DoS) attacks.
An issue with mDNSresponder allowed apps to cause a denial of service, while flaws in ImageIO and ModelI/O meant that processing an image could have the same effect. Remote attackers could also cause a denial of service via a previously unpatched cellular security vulnerability.
Apple addressed these various issues in iOS 18 by improving error handling, state handling, and better checking of input boundaries.
Safari and better protected networks
The Safari browser has received fixes for two separate vulnerabilities that allowed access to private browsing tabs without prior authentication. Apple addressed these issues by improving state management.
Two WebKit vulnerabilities related to malicious web content have also been fixed. One allowed sites to exfiltrate cross-origin data, the other could lead to universal cross-site scripting. Better handling of security origins and states addresses these flaws.
On the networking side, a Wi-Fi issue allowed attackers to force a device to disconnect from a secure network. iOS 18’s Beacon Protection feature fixes this. Similarly, a kernel flaw allowed network traffic to leak outside a VPN tunnel, which has been fixed with improved checks.
In short, the update to iOS 18 brings a large number of security fixes that are important to apply quickly. Keeping your operating system up to date makes it much more difficult for malicious actors to get their hands on your personal data. If you have a compatible iPhone or iPad, don’t hesitate to update quickly. Apple is also providing access to iOS 17.7 with all the security fixes for those who don’t want to upgrade to iOS 18 right away.