About the security content of iOS 17.6 and iPadOS 17.6 (2024)

Released July 29, 2024

AppleMobileFileIntegrity

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: A downgrade issue was addressed with additional code-signing restrictions.

CVE-2024-40774: Mickey Jin (@patch1t)

CoreGraphics

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2024-40799: D4m0n

CoreMedia

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted video file may lead to unexpected app termination

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2024-27873: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations

dyld

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with additional validation.

CVE-2024-40815: w0wbox

Family Sharing

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read sensitive location information

Description: This issue was addressed with improved data protection.

CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji

ImageIO

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing an image may lead to a denial-of-service

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2023-6277

CVE-2023-52356

ImageIO

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2024-40806: Yisumi

ImageIO

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day Initiative, and Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations

ImageIO

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: An integer overflow was addressed with improved input validation.

CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative, Gandalf4a

Kernel

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A local attacker may be able to determine kernel memory layout

Description: An information disclosure issue was addressed with improved private data redaction for log entries.

CVE-2024-27863: CertiK SkyFall Team

Kernel

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A local attackermay be able to cause unexpected system shutdown

Description: A type confusion issue was addressed with improved memory handling.

CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University

libxpc

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: A permissions issue was addressed with additional restrictions.

CVE-2024-40805

Phone

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: A lock screen issue was addressed with improved state management.

CVE-2024-40813: Jacob Braun

Photos Storage

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Photos in the Hidden Photos Album may be viewed without authentication

Description: An authentication issue was addressed with improved state management.

CVE-2024-40778: Mateen Alinaghi

Sandbox

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed through improved state management.

CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong

Sandbox

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access protected user data

Description: A path handling issue was addressed with improved validation.

CVE-2024-27871: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Kandji, and Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong

Shortcuts

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user

Description: A logic issue was addressed with improved checks.

CVE-2024-40835: an anonymous researcher

CVE-2024-40836: an anonymous researcher

Shortcuts

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A shortcut may be able to bypass Internet permission requirements

Description: A logic issue was addressed with improved checks.

CVE-2024-40809: an anonymous researcher

CVE-2024-40812: an anonymous researcher

Shortcuts

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: A shortcut may be able to bypass Internet permission requirements

Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2024-40787: an anonymous researcher

Shortcuts

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by removing the vulnerable code.

CVE-2024-40793: Kirin (@Pwnrin)

Siri

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attackermay be able to view sensitive user information

Description: This issue was addressed through improved state management.

CVE-2024-40786: Bistrit Dahal

Siri

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-40818: Bistrit Dahal and Srijan Poudel

Siri

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attackerwith physical access to a device may be able to access contacts from the lock screen

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-40822: Srijan Poudel

VoiceOver

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: An attackermay be able to view restricted content from the lock screen

Description: The issue was addressed with improved checks.

CVE-2024-40829: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 273176
CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab

WebKit Bugzilla: 268770
CVE-2024-40782: Maksymilian Motyl

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact:Processing maliciously crafted web content may lead to an unexpected process crash

Description: An out-of-bounds read was addressed with improved bounds checking.

WebKit Bugzilla: 275431
CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab

WebKit Bugzilla: 275273
CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: This issue was addressed with improved checks.

WebKit Bugzilla: 273805
CVE-2024-40785: Johan Carlsson (joaxcar)

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with Trend Micro Zero Day Initiative

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact:Processing maliciously crafted web content may lead to an unexpected process crash

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

WebKit Bugzilla: 274165
CVE-2024-4558

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Impact: Private Browsing tabs may be accessed without authentication

Description: This issue was addressed through improved state management.

WebKit Bugzilla: 275272
CVE-2024-40794: Matthew Butler

About the security content of iOS 17.6 and iPadOS 17.6 (2024)

FAQs

How secure is iOS iPad? ›

The iPad and iPhone operating system, iOS, is very secure but it isn't immune from hackers. Jailbreaking your iPad could make it easier to hack. But, if a hacker gains access to your Apple ID and password, your account is vulnerable.

What is iPadOS 16 security update? ›

This update includes the following enhancements and bug fixes: Security Keys for Apple ID allow users to strengthen the security of their account by requiring a physical security key as part of the two factor authentication sign in process on new devices. Support for HomePod (2nd generation)

What is the security content of iOS 13? ›

Another new iOS 13 feature is that apps have to ask you for Bluetooth access, when they didn't have to before. Before iOS 13, apps could use Bluetooth (without asking) to collect information like tracking data that shared your location.

Which iPads are at risk of being hacked? ›

iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. Apple Safari versions prior to 17.3. macOS Monterey and macOS Ventura.

Does an iPad have built-in security? ›

Built-in privacy features minimize how much of your information is available to anyone but you, and you can adjust what information is shared and where you share it. Built-in security features help prevent anyone but you from accessing the data on your iPad and in iCloud.

Should I update to iPadOS 17? ›

This update provides important bug fixes and security updates and is recommended for all users.

Which iPads can no longer be updated? ›

These devices aren't made anymore and don't support the latest versions of iPadOS.
  • iPad: Original, 2, 3, 4.
  • iPad Air: Original.
  • iPad Mini: Original, 2, 3.
May 15, 2024

What generation is iPadOS 17.5 1? ›

1 for the 10th generation iPads. Notably, Apple released iOS 17.5. 1 and iPadOS 17.5. 1 on May 20, to resolve an issue where deleted photos resurfaced in users' photo libraries.

Are those Apple virus warnings real? ›

Is the Apple Security Alert Real? If you're seeing pop-up messages warning you of security alerts or virus attacks against your Apple device, you're most likely worried. But while these messages may look real, they're almost certainly scams.

How does Apple notify you of a security breach? ›

A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com. Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user's Apple ID.

Is my iPad too old to update? ›

With each update, Apple releases a full list of devices that are able to download it. If you don't see your model on the list and it's more than 5-6 years old, it's likely that your iPad is too old to handle a new update. Your iPad can't download new apps or update the ones you have.

How does Apple detect compromised passwords? ›

Why did Apple send you a data leak notification? To enhance your security, Apple compares the passwords you store on your iPhone against known leaked passwords to try to find matches. The company does this using methods that don't reveal your passwords to Apple. All the processing happens on your device only.

How do you stop someone from accessing your iPhone remotely? ›

How to protect your iPhone from unauthorized remote access
  1. Don't use public Wi-Fi with company phones, or make sure to use a VPN when doing so.
  2. Keep iOS and company apps up to date at all times. ...
  3. Establish strong authentication methods, such as multi-factor authentication, biometric authentication and complex passwords.
Jan 8, 2024

Does iOS have built in security? ›

Built-in security features help prevent anyone but you from accessing the data on your iPhone and in iCloud. To take maximum advantage of the privacy and security features built into iPhone, follow these practices.

Does iOS have good security? ›

Is iPhone really secure? Apple has a strong reputation for its security. It has various built-in features to increase your online security, including malware protection, Passkeys, and customizable information-sharing choices for apps.

How secure is iOS operating system? ›

iOS is well-known for its robust security framework, but vulnerabilities in the operating system still exist. These are flaws or weaknesses in the iOS operating system that attackers can exploit to gain unauthorized access, leak sensitive data, or compromise device security.

How secure are iPads for banking? ›

What do I need to do online banking safely on my 6th gen iPad? The browser will provide the same security as using your computer. Unless you have someone in your home that has jailbroken your phone and installed a keylogger, then you are just fine. I do banking on my iPad and iPhone all the time.

How to make sure an iPad is secure? ›

Some dos and don'ts for keeping your iPad secure
  1. Do make the most of Touch ID, which combines convenient one-touch access with biometric security.
  2. Do make sure you're using a good lock screen passcode.
  3. Do pay attention to your surroundings, and change your privacy settings accordingly.

References

Top Articles
Latest Posts
Article information

Author: Arielle Torp

Last Updated:

Views: 5747

Rating: 4 / 5 (61 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Arielle Torp

Birthday: 1997-09-20

Address: 87313 Erdman Vista, North Dustinborough, WA 37563

Phone: +97216742823598

Job: Central Technology Officer

Hobby: Taekwondo, Macrame, Foreign language learning, Kite flying, Cooking, Skiing, Computer programming

Introduction: My name is Arielle Torp, I am a comfortable, kind, zealous, lovely, jolly, colorful, adventurous person who loves writing and wants to share my knowledge and understanding with you.