iOS 17.2—Apple Issues New Update Warning To All iPhone Users

iOS 17.2—Apple Issues New Update Warning To All iPhone Users
To All iPhone Users
Kate O'Flaherty
Senior Contributor
Cybersecurity and privacy journalist
Dec 12, 2023,10:22am EST

Apple’s iOS 17.2 update has arrived, along with a bunch of brilliant new iPhone features. But iOS 17.2 also comes with 12 new reasons to update your iPhone right now because it fixes a dozen security vulnerabilities, some of which are serious.

iOS 17.2 displayed on an iPhone 14 screen
Apple’s iOS 17.2 update comes with 12 new reasons [+]
APPLE IPHONE

Apple doesn’t give much detail about what’s fixed in iOS 17.2, to give people as much time as possible to update their iPhones before attackers can get hold of the details. Among the security issues patched in iOS 17.2 are two flaws in WebKit, the engine that underpins Apple’s Safari browser. One of these, tracked as CVE-2023-42890, could allow an attacker to execute code, according to Apple’s support page.

The iOS 17.2 update also fixes an issue in the Kernel at the heart of the iPhone operating system that could see an app able to break out of its secure sandbox. Another notable fix in iOS 17.2 is two issues in ImageIO where processing an image could lead to code execution.

Sean Wright, head of application security at Featurespace, also singles out CVE-2023-45866—a Bluetooth-related vulnerability fixed in iOS 17.2 that allows an attacker with the right access to capture keystrokes. He points out that the WebKit and Kernel vulnerabilities “can be chained together to allow an attacker to be able to potentially have significant access to the device.”

iOS 17.2 Follows Emergency Update
The launch of iOS 17.2 comes less than two weeks after Apple issued iOS 17.1.2, an emergency update fixing two flaws being used in real-life attacks. Apple tends to leave its critical security fixes for these emergency releases in between big point updates such as iOS 17.2, to ensure iPhone users aren’t put off by any bugs that sometimes come with feature upgrades.

The good news about the issues fixed in iOS 17.2 is that there’s no indication they are being used in attacks, says Wright. However, leaving holes open means more time to exploit them, so Wright advises updating your iPhone to iOS 17.2 “as soon as you can.”

iMessage Contact Key Verification in iOS 17.2 Explained
Aside from the security updates, another big reason to update to iOS 17.2 is it includes a new feature called Contact Key Verification—an update to iMessage that prevents attackers from reading or listening to your conversations if they have breached cloud servers.

Intended to help tackle increasing amounts of spyware impacting iPhones, Contact Key Verification is different from super-secure Lockdown Mode as it doesn’t affect the functionality of your iPhone.

Lockdown Mode is designed to protect at-risk iPhone users such as journalists, businesses and dissidents from spyware attacks. While it is extremely secure and recently enhanced in iOS 17, it impacts your iPhone's usability and stops you from using some features. For this reason, you should only enable Lockdown Mode if you need it.

On the other hand, the decision to enable Contact Key Verification in iOS 17.2 is much easier if you care about your security.

It’s described in the iOS 17.2 release notes as follows:

“With iMessage Contact Key Verification, users can choose to further verify that they are messaging only with the people they intend. iMessage Contact Key Verification uses Key Transparency to enable automatic verification that the iMessage key distribution service returns device keys that have been logged to a verifiable and auditable map.

“When a user enables the feature, they will be notified about any validation errors directly in the Messages conversation transcript and Apple ID Settings.”

For even higher security, the release notes state, iMessage Contact Key Verification allows you to compare a contact verification code in person, on FaceTime, or through another secure call. You can also choose to create or edit a contact and save a public key to turn on iMessage Contact Key Verification with that person.

You can enable iMessage contact Key Verification by first updating to iOS 17.2, then taking the following steps: Go to your Settings > Your Name > Contact Key Verification and toggle it to “on.”

You’ll also need to update your other devices to the latest version. All devices signed into your iCloud account must be on the minimum supported version of iOS 17.2 Beta, macOS 14.2 or watchOS 10.2. “If you wish to keep using other devices on older versions of the OS, you will need to sign out of iMessage on these devices in order to enable contact key verification,” according to Apple.

MORE FOR YOU
Apple iMessage Soundly Beaten As Surprise New Update Goes Live
iOS 17.2: Apple Suddenly Releases Urgent Update Warning For All iPhone Users
DOJ Has Trump’s Cell Phone Data From Jan. 6—And Will Present It At Trial, Prosecutors Reveal
Why You Should Update Your iPhone To iOS 17.2
Apple’s iOS 17 launched in the fall, but many people are waiting to update to avoid any iPhone bugs. With this in mind, Apple has also launched iOS 16.7.3 to address the relevant security issues fixed in iOS 17.2. But Apple won’t do this forever—the iPhone maker will soon limit its iOS 16 updates to older devices.

Apple’s iOS 17.2 comes with important security and bug fixes and brilliant new features, making it an upgrade worth applying to your iPhone. The upgrade also comes with the long-anticipated Journal app, which you can lock with Face ID or Touch ID to ensure it's private and secure.

So what are you waiting for? Go to your iPhone’s Settings > General > Software Update and download and install iOS 17.2 now.

—

Update December 12, 10:15 EST. This article was first published on December 12 at 03:23 EST. Updated to include details about iMessage Contact Key Verification.

Get the best of Forbes to your inbox with the latest insights from experts across the globe.