Update November 21, 2024: This story has been updated to include a new CISA warning and additional expert analysis on the security fixes included in Apple’s iOS 18.1.1 update and iOS 17.7.2 updates.
Apple has rolled out iOS 18.1.1, an emergency update designed to address two critical security vulnerabilities that are already being actively exploited in the wild. If you’re an iPhone user, this is an update you should apply immediately to safeguard your device from serious cyber threats.
Table of Contents
What’s Fixed in iOS 18.1.1?
While Apple doesn’t disclose full details to prevent attackers from exploiting the vulnerabilities further, the company has confirmed that iOS 18.1.1 addresses two key issues:
- CVE-2024-44308: A vulnerability in the JavaScriptCore framework that could allow malicious code to execute when a user interacts with compromised web content. Apple has acknowledged reports of this issue being exploited on Intel-based Mac systems.
- CVE-2024-44309: A WebKit flaw enabling cross-site scripting attacks, where attackers could inject malicious code into trusted websites or apps. This vulnerability also has reportedly been exploited on Intel-based Mac systems.
Both vulnerabilities pose significant risks, including unauthorized access to user data, redirection to malicious websites, and potential theft of session tokens.
CISA Urges Immediate Updates
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging businesses and individuals to install Apple’s latest updates, including iOS 18.1.1, iOS 17.7.2, macOS Sequoia 15.1.1, visionOS 2.1.1, and Safari 18.1.1.
“Apple released security updates to address vulnerabilities in multiple Apple products,” states CISA. “A cyber threat actor could exploit these vulnerabilities to take control of an affected system.”
CISA advises users and administrators to review the advisories and apply updates immediately to mitigate potential threats.
Why Updating to iOS 18.1.1 Is Critical
Cybersecurity experts emphasize the importance of acting quickly. Sean Wright, head of application security at Featurespace, explains that the JavaScriptCore vulnerability could enable attackers to remotely execute malicious code, potentially redirecting users to harmful websites or compromising session tokens.
Similarly, the WebKit vulnerability could impact all browsers in Apple’s ecosystem due to its central role in powering Safari and presenting web-based content. Michael Covington, VP of Strategy at Jamf, warns that cross-site scripting exploits could allow attackers to bypass cookie management protections and steal sensitive data.
“Given the active exploitation of these vulnerabilities, updating immediately is critical,” Covington stresses.
Enhanced Security Measures in iOS 18.1.1
Apple’s fixes include stronger checks to detect and prevent malicious activity, as well as improved data management during web browsing. These updates not only address the vulnerabilities but also enhance overall device security.
The update is available for the following devices:
- iPhone XS and later
- iPad Pro (13-inch, 12.9-inch 3rd generation and later, 11-inch 1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
For users of older devices, iOS 17.7.2 provides the same critical fixes without requiring an upgrade to iOS 18.
How to Update Your Device
Updating your iPhone or iPad is straightforward:
- Open Settings.
- Navigate to General > Software Update.
- Tap Download and Install to apply the latest patch.
Stay Safe: What You Can Do Beyond Updating
In addition to installing the latest updates, Wright advises being vigilant about the websites you visit and the links you click. Malicious actors often exploit these vulnerabilities through deceptive tactics like phishing.
Covington adds that mobile-first organizations should prioritize applying these updates across all devices in their networks. Staying proactive in patch management is key to protecting against evolving cyber threats.
Don’t Wait—Update Now
The vulnerabilities patched in iOS 18.1.1 and iOS 17.7.2 are significant and actively exploited, making this an emergency update for Apple users. Protect your device, data, and online activities by updating today. With evolving threats, timely updates remain your first line of defense in staying secure. Your next step: Open your settings and install iOS 18.1.1 or iOS 17.7.2 now to ensure your device is protected.
