Close Menu
The Daily PostingThe Daily Posting
  • Home
  • Android
  • Business
  • IPhone
    • Lifestyle
  • Politics
  • Europe
  • Science
    • Top Post
  • USA
  • World
Facebook X (Twitter) Instagram
Trending
  • Jennifer Lopez and Ben Affleck reveal summer plans after Europe trip
  • T20 World Cup: Quiet contributions from Akshar Patel, Kuldeep Yadav and Ravindra Jadeja justify Rohit Sharma’s spin vision | Cricket News
  • The impact of a sedentary lifestyle on health
  • Bartok: The World of Lilette
  • Economists say the sharp rise in the U.S. budget deficit will put a strain on Americans’ incomes
  • Our Times: Williams memorial unveiled on July 4th | Lifestyle
  • Heatwaves in Europe are becoming more dangerous: what it means for travelers
  • Christian Science speaker to visit Chatauqua Institute Sunday | News, Sports, Jobs
Facebook X (Twitter) Instagram
The Daily PostingThe Daily Posting
  • Home
  • Android
  • Business
  • IPhone
    • Lifestyle
  • Politics
  • Europe
  • Science
    • Top Post
  • USA
  • World
The Daily PostingThe Daily Posting
IPhone

New iOS 17.3 update alert issued to all iPhone users

thedailyposting.comBy thedailyposting.comFebruary 25, 2024No Comments

[ad_1]

It was tracked as CVE-2024-23204 in iOS 17.3 and reported by security firm Bitdefender.

SOPA Image/LightRocket (via Getty Images)

Apple’s iOS 17.3 was released a month ago, and many security-conscious iPhone users have already upgraded to the latest software. However, many more cautious iPhone users prefer to wait to update their device in case a bug occurs.

In the case of iOS 17.3, waiting is actually not a good idea, as some of the security flaws patched in the upgrade are being exploited in real attacks.

With iOS 17.4 set to be released in the coming days, details have emerged about one of the issues fixed in iOS 17.3, tracked as CVE-2024-23204, by researcher Jubaer from security firm Bitdefender. Reported by Alnazi.

“Apple’s Shortcuts application, designed to enhance user automation, could inadvertently become a potential vector for privacy violations,” Alnazi wrote in a blog post explaining the nature of the vulnerability, its potential impact, and more. , describes recommended mitigations.

What is CVE-2024-23204? How harmful is it?

CVE-2024-23204, fixed in iOS 17.3, is an Apple Shortcuts issue that could allow an attacker to access sensitive data with certain actions without prompting the user.

According to Apple’s support page detailing the iOS 17.3 fix, the issue was resolved with additional permission checks. Alnazi reports to his iPhone manufacturer (@h33tjubaer), this flaw has been given a CVSS score of 7.5. This occurred along with another of his CVEs, CVE-2024-23203.

This issue affects macOS and iOS devices running macOS Sonoma versions earlier than 14.3 and iOS 17.3 and iPadOS versions earlier than 17.3.

Shortcuts is a visual scripting application developed by Apple and available for iOS, iPadOS, macOS, and watchOS operating systems. Users can share with others, but this flexibility puts vulnerabilities at risk.

This is because a user could unknowingly import a shortcut that could exploit CVE-2024-23204. “Shortcuts are a widely used feature for efficient task management, so this vulnerability raises concerns that malicious shortcuts could be inadvertently spread through various sharing platforms. ” explained Alnaji.

And for CVE-2024-23204, shortcut files can bypass Transparency, Consent, and Control (TCC), Apple’s macOS and iOS security framework that governs an application’s access to a user’s sensitive data and system resources. It was possible to create. . “TCC ensures that apps explicitly request permission from users before accessing certain data or functionality, enhancing user privacy and security,” Alnazi wrote.

In a blog and video, he demonstrated how iPhone users can install malicious shortcuts.

So, should you be worried? That’s true if you use shortcuts, but otherwise it’s more important to cover already exploited iPhone flaws that were fixed in iOS 17.3.

Even with shortcuts, Sean Wright, head of application security at Featurespace, says the issue is relatively difficult to exploit. “A malicious shortcut must be explicitly installed to attack a user. It’s not impossible, but this is just another barrier an attacker must overcome. This has been fixed. That’s great, and certainly an interesting vulnerability, but I think the chances of a successful attack are pretty limited.”

what will you do

So how can you avoid this problem? The answer is very simple. If you haven’t done so already, update to iOS 17.3 now. This means installing the latest software, iOS 17.3.1. Bitdefender echoes this advice, stating that iPhone users should update their macOS, iPadOS, and watchOS devices to the latest versions now.

Additionally, be careful when running shortcuts from untrusted sources and check regularly for security updates and patches from Apple.

Apple iPhone security — what’s next?

The next iPhone update will be iOS 17.4, which Apple plans to release in about a week. The iOS 17.4 update is one of the biggest iPhone upgrades ever, at least if you live in the EU.

It includes changes to the App Store and iOS ecosystem to enable sideloading in line with EU Digital Markets Law. This puts Apple in the same position as Google, as the iPhone maker allows users to download apps from other app stores. For now, these are approved by Apple and add security, but the move in iOS 17.4 will expose EU users to cybersecurity threats.

One of the main benefits of owning an iPhone is the security of a closed ecosystem controlled by Apple. Unlike rival Google, the iPhone maker owns the hardware, software and operating system. Changes in iOS 17.4 completely change this.

Apple is doing its best to keep iOS users safe by taking steps like notarizing apps after updates, but the iPhone maker acknowledges that less control over the ecosystem means less security.

It’s important to note that this change only applies to EU users, so countries like the UK and the US are not affected. In the future, it may change depending on regulations and user demand, but for now the situation will remain the same.

The next update brings some great new features for all iPhone users, including robust, future-proof security for iMessage and enhanced stolen device protection.

Meanwhile, iOS 17.4 will include major security fixes, so stay tuned for my story on the release. Apple is increasingly patching bugs that are being used in real-world attacks. Some security holes are used to perform so-called “zero-click” attacks that do not require user interaction to implant spyware on an iPhone. Although these attacks are targeted, the only way to be completely safe is to keep your devices up to date and install the latest software as soon as it arrives.

—

Updated on 02/25 10:05 EST. This article was first published on 02/23 09:56 EST. Updated to include information about Apple’s next significant iPhone upgrade, iOS 17.4.

follow me twitter Or LinkedIn.

Kate is an award-winning and widely recognized cybersecurity and privacy journalist with over a decade of experience covering issues that matter to users, businesses, and governments. In addition to Forbes, her work has also appeared in publications such as Wired, The Guardian, The Observer, The Times, and The Economist.

Focusing on smartphone security, including Apple iOS security and privacy, application security, cyber warfare, and data abuse by big tech companies, Kate reports and analyzes the latest articles and trending topics in cybersecurity and privacy. Masu.

She is also known as an industry commentator and has appeared on radio shows such as the WVON Morning Show with Attorney Ernest B. Fenton, BBC Radio 5 Live, and podcasts such as the Guardian’s Today in Focus. Kate can be contacted at kate.oflaherty@techjournalist.co.uk.

read moreRead more



[ad_2]

Source link

thedailyposting.com
  • Website

Related Posts

Shocking moment a thief climbs over a counter in an east London store, struggles with a female shop assistant and steals an iPhone worth £700

June 28, 2024

AAA games for iPhone and iPad are not very popular with users

June 28, 2024

Apple’s price cuts boost iPhone sales in China

June 28, 2024
Leave A Reply Cancel Reply

ads
© 2025 thedailyposting. Designed by thedailyposting.
  • Home
  • About us
  • Contact us
  • DMCA
  • Privacy Policy
  • Terms of Service
  • Advertise with Us
  • 1711155001.38
  • xtw183871351
  • 1711198661.96
  • xtw18387e4df
  • 1711246166.83
  • xtw1838741a9
  • 1711297158.04
  • xtw183870dc6
  • 1711365188.39
  • xtw183879911
  • 1711458621.62
  • xtw183874e29
  • 1711522190.64
  • xtw18387be76
  • 1711635077.58
  • xtw183874e27
  • 1711714028.74
  • xtw1838754ad
  • 1711793634.63
  • xtw183873b1e
  • 1711873287.71
  • xtw18387a946
  • 1711952126.28
  • xtw183873d99
  • 1712132776.67
  • xtw183875fe9
  • 1712201530.51
  • xtw1838743c5
  • 1712261945.28
  • xtw1838783be
  • 1712334324.07
  • xtw183873bb0
  • 1712401644.34
  • xtw183875eec
  • 1712468158.74
  • xtw18387760f
  • 1712534919.1
  • xtw183876b5c
  • 1712590059.33
  • xtw18387aa85
  • 1712647858.45
  • xtw18387da62
  • 1712898798.94
  • xtw1838737c0
  • 1712953686.67
  • xtw1838795b7
  • 1713008581.31
  • xtw18387ae6a
  • 1713063246.27
  • xtw183879b3c
  • 1713116334.31
  • xtw183872b3a
  • 1713169981.74
  • xtw18387bf0d
  • 1713224008.61
  • xtw183873807
  • 1713277771.7
  • xtw183872845
  • 1713329335.4
  • xtw183874890
  • 1716105960.56
  • xtw183870dd9
  • 1716140543.34
  • xtw18387691b

Type above and press Enter to search. Press Esc to cancel.