Apple has unveiled a major update for iOS 18, addressing over 33 critical security vulnerabilities that posed risks to iPhones and iPads. The refresh, released on September 16, 2024, includes essential fixes for a range of issues affecting core components such as accessibility features, Bluetooth, Control Center, and Wi-Fi. Among the notable improvements are protections against unauthorized access to sensitive data through Siri, which previously allowed attackers with physical access to view recent photos, control nearby devices, and retrieve private information without authentication.
One of the significant vulnerabilities addressed involves the Control Center, where a flaw could have enabled mobile apps to record the screen without displaying an indicator, potentially compromising user privacy. Additionally, the update fixes a Core Bluetooth issue that permitted a malicious Bluetooth device to bypass the device pairing process, as well as a kernel vulnerability that leaked network traffic outside of VPN tunnels, exposing users to potential data breaches.
The update also resolves a Wi-Fi bug that allowed attackers to force devices to disconnect from secure networks and multiple Safari Private Browsing and sandbox bypasses that could have been exploited to access sensitive information. While Apple did not categorize any of these vulnerabilities as already exploited, the update represents a crucial step in enhancing device security and protecting users from emerging threats.
In conjunction with the iOS 18 update, Apple also released macOS Sequoia 15, which includes a substantial batch of patches for various security flaws affecting the operating system. These updates aim to address critical issues such as unauthorized data access, privilege escalation, and system modifications, further strengthening Apple’s commitment to safeguarding user information across its platforms.
