Apple has released patches for its mobile iOS and iPadOS operating systems to address four newly disclosed vulnerabilities, two of which are being actively exploited as zero-day vulnerabilities. The update also includes significant new features aimed at protecting iPhones and iPads from future quantum cyber attacks.
The two zero-days, identified as CVE-2024-23225 and CVE-2024-23296, involve a memory corruption issue in the device kernel and a vulnerability in the real-time operating system used in Apple peripherals. The third vulnerability, tracked as CVE-2024-23243, allows an application to access a user’s location data. The fourth vulnerability, tracked as CVE-2024-23256, affects Safari Private Browsing and temporarily makes locked browser tabs visible when switching tab groups.
Apple has not provided detailed technical information or exploits for the fixed issues, as is customary with its security updates. However, Mike Walters, founder and president of patch management specialist Action1, advises users to update their devices promptly. The affected Apple devices include various iPhone and iPad models.
In addition to the patches, the wider iOS 17.4 update introduces a new iMessage security protocol called PQ3, which utilizes post-quantum cryptographic techniques to enhance end-to-end secure messaging. This update is described as foundational for iPhone security and offers improved protection against future hacking tools utilizing quantum computing power.
The use of the PQ3 protocol for post-quantum cryptography is praised by security experts for its advanced encryption capabilities and protection against future quantum computer threats. The update also includes features to comply with the European Union’s Digital Markets Act, allowing third-party developers to provide alternative marketplaces and app downloads, use non-WebKit-based browsers, and utilize the iPhone’s NFC chip for contactless payments outside of Apple Pay or Apple Wallet.
Other new features of the iOS 17.4 update include translation options in the Podcasts application and Siri, improved battery life information, enhanced music recognition, and over 100 new emojis.