Apple is urging everyone to update iPhone and iPad iOS (again). Why you should do it now.
This week Apple rushed out an emergency patch to fix a serious security flaw for iPhones and iPads.
The zero-day vulnerability which allows attackers to elevate privileges may have already been exploited, Apple said.
Apple patched the flaw in the iOS 17.0.3 and iPadOS 17.0.3 updates. It did not provide additional details.
“This update provides important bug fixes, security updates and addresses an issue that may cause iPhone to run warmer than expected,” Apple said.
So what’s with all the Apple security updates?
Apple’s cat-and-mouse game with zero-day hackers seems to be picking up.
According to SecurityWeek, this was the 16th documented zero-day exploit against Apple’s iOS, iPadOS and macOS-powered devices.
The list of affected devices include: iPhone XS and later as well as iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
Do I need to update my iPhone for security?
Should you worry about all of these iOS updates? In general, yes.
“We all have to realize there is an industry out there that is actively targeting our devices and all the personal information we have on them,” said researcher John Scott Railton, a senior researcher with Citizen Lab at the University of Toronto’s Munk School.
But we should not be alarmed by the frequency of the Apple security patches, according to Railton. The growing number of updates are a sign that Apple is working hard to keep our devices secure, he said.
“Apple is, from my perspective, really leaning into hunting for and quickly fixing this kind of bug,” Railton said. “It’s a little bit like, why do you hear so many sirens? Because the ambulance service is finally going to people’s houses when they call.”
But it’s not just down to Apple, Railton said. There are steps we can all take to protect our devices from incursions.
How to install iPhone security updates
No one gets excited about updating their phone. But, said Railton, “every time you update, you make your device more secure.”
First, you should make sure automatic updates are turned on.
- Open settings
- Tap on general
- Tap on software update
- Make sure automatic updates are turned on
How to install iOS 17.0.3
Install updates as soon as you hear about them. Here’s how:
- Open settings
- Tap on general
- Tap on software update
- Follow the instructions to download and install the release
Consider turning on iPhone lockdown mode
If you are at higher risk or are just concerned about security, use lockdown mode on your iPhone. Here’s how.
“What researchers have found is that lockdown mode blocks a lot of sophisticated attacks, even without the phone being updated. Of course, people need to update their phone. But lockdown mode in some cases would have blocked attacks even before Apple knew about this specific exploit or there was a patch released,” Railton said. “It radically increases the security of your device and makes it way more expensive for bad actors to hack into your stuff.”
- Open settings
- Tap privacy & security
- Scroll down, tap Lockdown Mode then tap turn on Lockdown Mode
- Tap turn on & restart then enter your device passcode.
Try Consumer Reports Security Planner
Security Planner is a free guide from Consumer Reports that was originally developed and maintained by the Citizen Lab. It provides information on identity theft and ransomware, plus tips on devices such as smart speakers, baby monitors, and smart TVs.
Turn on multifactor authentication
Turn on multifactor authentication on all accounts that offer it, the Cybersecurity and Infrastructure Security Agency (CISA) recommends.
Use strong passwords or a password manager
Use strong passwords that are long, random, and unique to each account, and use a password manager to generate them and to save them, says CISA, which is part of the Department of Homeland Security.
Keep an eye out for phishing
Think before you click, CISA says. Be cautious with unsolicited emails or texts or calls asking for personal information. Don't click on links or open attachments from unknown sources.