Apple wants you to install iOS 17.3 ASAP thanks to 16 security issues patched by the update

5comments
Apple wants you to install iOS 17.3 ASAP thanks to 16 security issues patched by the update
The other day we told you that Apple had released iOS 17.3 and told you that you should install it right away because of the Stolen Device Protection feature which requires that certain actions be verified by Face ID or Touch ID when you're not at a familiar place such as home or the office. More sensitive actions such as changing the Apple ID password or resetting Face ID will now be delayed for one hour from the time requests to perform such actions are made.

The hour gives the victim of an iPhone theft the time to discover that his/her iPhone has been stolen and alert Apple about the theft. After the hour, Face ID or Touch ID will still be required to complete the sensitive action. Hopefully, this will prevent criminals from using strong-arm tactics to gain possession of the iPhones that they know the passcodes of. 

Once these bad actors take your phone, with the passcode they can turn it into their phone in seconds, have their way with your financial apps, and use your credit card to purchase expensive items. Just in case you missed the directions about how to enable this feature, go to Settings > Face ID & Passcode > and turn on Stolen Device Protection by tapping on "Turn On Protection."


But Apple is warning iPhone users that there are other reasons to install iOS 17.3 on your iPhone immediately. On Apple's support page, there are 16 other reasons, all vulnerabilities that can be exploited until you install the update and patch the flaws. For example, CVE-2024-23222, CVE-2024-23213, and CVE-2024-23214 are three vulnerabilities found in the WebKit browser engine that could allow an attacker to execute code. 

Apple's support page says something about CVE-2024-23222 that might make the hair on your neck stand straight up. The page states, "Apple is aware of a report that this issue may have been exploited," to which we add "Yikes!" CVE-2024-23206 is another flaw involving Web Kit that could allow a malicious webpage to fingerprint the user.

CVE-2024-23211, found in Safari, could allow a user's private browsing activity to be found in Settings. The other flaws patched in iOS 17.3 include:

  • CVE-2024-23212-Apple Neural Engine.
  • CVE-2024-23218-CoreCrypto.
  • CVE-2024-23208-Kernel.
  • CVE-2024-23207-Mail Search.
  • CVE-2024-23223-NSSpellChecker.
  • CVE-2024-23219-Reset Services.
  • CVE-2024-23203 & CVE-2024-23204-Shortcuts.
  • CVE-2024-23215-TCC.

To install the update go to Settings > General > Software Update and follow the directions.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless