Update Dec. 12, 2024: This story, originally published Dec. 11, now includes details about the Passwords flaw patched in iOS 18.2, as well as other updates issued by Apple.
Apple has issued iOS 18.2, along with the first major Apple Intelligence features and 21 security updates you should apply to your iPhone now.
Many iPhone users will see iOS 18.2 as a reason to update to iOS 18 and the security fixes in this release should add to the incentive. The iOS 18.2 upgrade includes important fixes to the iPhone Kernel as well as WebKit, the engine that underpins the Safari browser — and patches for flaws that could allow an attacker to execute code on your device.
The release of iOS 18.2 comes as Apple halts the ability to choose whether to upgrade to iOS 18.
Alongside iOS 18.2, Apple also released iOS 17.7.3 for users who have older devices, patching a list of 14 flaws. But note that the list of compatible devices is much smaller than previous iOS 17 updates — Apple’s iOS 17.7.3 is available for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch and iPad 6th generation.
This indicates Apple is no longer giving you the option to stay on iOS 17 if you have a iOS 18-compatible device. If you remain on iOS 17, this means you will no longer be secure.
Apple doesn’t give much detail about what’s fixed in iOS 18.2, to give iPhone users as much time to update as possible before criminals can get hold of the details.
Among the issues fixed in iOS 18.2 are three Kernel flaws tracked as CVE-2024-54494, CVE-2024-54510 and CVE-2024-44245, the last of which could allow an app to cause unexpected system termination or corrupt Kernel memory, according to Apple’s support page.
An issue in libexpat tracked as CVE-2024-45490 is particularly worrying, as it could see a remote attacker cause an unexpected app termination or execute code.
Apple’s iOS 18.2 also patches two flaws in libxpc, one of which could see an app able to gain elevated privileges.
Four vulnerabilities in WebKit were fixed in iOS 18.2, allowing memory corruption if you were persuaded to interact with malicious web content.
A flaw in Passwords, tracked as CVE-2024-54492 and reported by researchers at Mysk, could also be a concern. Using the vulnerability patched in iOS 18.2, an attacker in a privileged network position could be able to alter network traffic, according to Apple’s description.
The issue was addressed by using secure web protocol HTTPS when sending information over the network. “Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries — a potential risk,” Mysk researchers said.
Sean Wright, head of application security at Featurespace highlights the Passwords flaw seeing HTTP used instead of HTTPS as “a bit of a concern.”
He advises “updating as soon as you can,” highlighting the benefits of the new Apple Intelligence features.
Alongside iOS 18.2 and iOS 17.7.3, Apple released Safari 18.2, fixing four WebKit issues and one Safari flaw. The iPhone maker also issued macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, watchOS 11.2, tvOS 18.2 and visionOS 2.2.
The security updates alone and the fact you can’t stay on iOS 17 and remain secure should be enough to persuade you to update now to iOS 18.2. But Apple’s iOS 18.2 also includes a number of very cool features, including the ability to use OpenAI’s ChatGPT, which is now integrated with Siri for the first time.
Apple’s iOS 18.2 is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
So, what are you waiting for? Go to your Settings > General > Software Update and upgrade to iOS 18.2 as soon as you can.