Federal Agency Warns Users to Update iPhones as Soon as Possible

Federal Agency Warns Users to Update iPhones as Soon as Possible
An Israeli woman uses her iPhone in front of the building housing the Israeli NSO group in Herzliya, near Tel Aviv, on Aug. 28, 2016. (Jack Guez/AFP via Getty Images)
Jack Phillips

The federal Cybersecurity and Infrastructure Security Agency (CISA) this week advised users and administrators to update their Apple software due to security vulnerabilities.

“Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device,” the notice, dated March 28, reads. “CISA encourages users and administrators to review the following advisories and apply the necessary updates.”

Security updates were included in the iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, Safari 16.4, Studio Display Firmware Update 16.4, watchOS 9.4, tvOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, and macOS Ventura 13.3 upgrades on Monday.
Apple Inc. on Monday confirmed it released its iOS 16.4 update to users, including a number of new security updates and features.

iOS 16.4 runs on all iPhones starting from the iPhone 8 onwards, according to Apple, which includes bug fixes and new features. Apple also released iOS 15.7.4 for iPhones that are older who have older devices Monday.

The iOS 16.4 upgrade also fixes two flaws in the iPhone operating systems, tracked as CVE-2023-27969 and CVE-2023-27933 that could allow a malicious actor to execute code without the user knowing. Meanwhile, another flaw, CVE-2023-28178, could allow an attacker to bypass the user’s Privacy preferences, says Apple via its support page.
Two vulnerabilities in WebKit, which powers the Safari browser, were also fixed in the latest update, the release notes says. Overall, more than 30 security issues were fixed in the update.
Apple release notes for the iOS 15.7.4 update said that it, too, addresses a number of vulnerabilities, including a similar WebKit bug that has been targeted in the wild. Apple stated that this issue is known to being “actively exploited,” suggesting it’s important to update as soon as possible.

“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page,” Apple says on its website.

The 15.7.4 update covers all models of iPhone 6s, iPhone 7s, the first generation iPhone SE, iPad Air 2, later iPad Minis, and the seventh generation iPod touch.

Along with the security updates, the iOS 16.4 update also adds new emojis and other features, including web app notifications, a setting that allows the user to dim videos easier, and voice isolation for phone calls.

Consumers can manually update to the latest iOS version on their iPhones or iPads by tapping  Settings, General, and Software Update. Then, they should click Download and Install, follow the prompts, and wait for the phone to restart.

On Mac laptops and desktops, it’s similar. Users should open the Apple menu and choose System Settings before going to General and then clicking on Software Update.

Last month, Security research firm Sophos noted that Apple at the time also pathed security flaws are described as a “zero-day spyware implant bug,” meaning that it was a previously unknown vulnerability that could be actively exploited.

“Just looking at a website, which ought to be harmless, or opening an app that relies on web-based content for any of its pages (for example its splash screen or its help system), could be enough to infect your device,” it said at the time about one of the exploits.

Jack Phillips is a breaking news reporter with 15 years experience who started as a local New York City reporter. Having joined The Epoch Times' news team in 2009, Jack was born and raised near Modesto in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
Related Topics