Apple has rolled out iOS 18.2, introducing key security updates and new Apple Intelligence features. This recent update addresses 21 security vulnerabilities, including serious flaws in the iPhone Kernel and WebKit, the engine powering Safari.
Among the patched vulnerabilities are three Kernel issues, tracked as CVE-2024-54494, CVE-2024-54510, and CVE-2024-44245. These flaws could allow an app to cause unexpected system termination or corrupt Kernel memory. Another notable vulnerability in the libexpat XML parser, CVE-2024-45490, could let remote attackers terminate apps or execute malicious code. Security concerns extend to libxpc, where two flaws were fixed, preventing apps from gaining elevated privileges.
Additionally, four WebKit vulnerabilities that could lead to memory corruption when interacting with malicious web content have been addressed. A flaw in the Passwords app, tracked as CVE-2024-54492, has also been patched, resolving a risk where unencrypted HTTP was used to download icons for password entries.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, urging users to install iOS 18.2 due to the potential for cyber threats exploiting these vulnerabilities. Security researchers at Malwarebytes also echo these concerns, advising users to update promptly and enable automatic updates.
Apple’s iOS 18.2 release coincides with updates to iPadOS 17.7.3, Safari 18.2, macOS Sequoia 15.2, and other operating systems. The update is compatible with iPhone XS and later models. iPhone Users are encouraged to go to **Settings > General > Software Update** to install iOS 18.2 immediately to maintain security and access new features like Siri’s integration with OpenAI’s ChatGPT.
Babatunde Philips