iOS 18 fixes urgent security flaws for millions — update your iPhone right now

iPhone 15 Pro Max shown in hand
(Image credit: Tom's Guide)

Ahead of the launch of the iPhone 16 later this week, Apple has released iOS 18 which includes updates for popular apps like Notes, Calendar and Maps, new personalization tools and some welcome privacy improvements. 

Even if you’re sticking with your old iPhone, you’re going to want to download and install the latest version of iOS, as it includes fixes for a number of dangerous security flaws that could be used by hackers in their attacks.

As reported by SecurityWeek, iOS 18 contains patches for at least 33 different vulnerabilities. Many of them also affect core components of the best iPhones from Bluetooth to Control Center; if exploited, they could be used to gain unauthorized access to the data stored on your iPhone or even to completely take over vulnerable devices.

Here’s everything you need to know about all the new security fixes in iOS 18 along with some tips and tricks on how to keep your Apple devices safe from hackers.

iPhone vulnerabilities

In a new security bulletin, Apple has revealed all of the vulnerabilities it has patched in iOS 18. Since there are so many, I’m just going to highlight the most serious ones and how hackers could exploit them in their attacks.

Four out of the 33 flaws deal with the iPhone’s accessibility features. The first flaw (tracked as CVE-2024-40840) could allow an attacker with physical access to your iPhone or iPad to use Siri to access sensitive user data. Likewise, another accessibility flaw (tracked as CVE-2024-44171) could be exploited by an attacker holding your locked iPhone to control nearby devices.

As for Bluetooth, another flaw (tracked as CVE-2024-44124) could be exploited to allow a malicious Bluetooth input device — like one of the best wireless keyboards — to bypass pairing requirements.

If you’re using one of the best iPhone VPN services, a kernel flaw (tracked as CVE-2024-44165) could lead to network traffic leaking outside of a VPN tunnel which defeats the point of using a VPN in the first place to protect your online privacy. Meanwhile, another flaw in Mail accounts on iOS (tracked as CVE-2024-40791) could allow an app to access information about a user’s contacts.

There are also two flaws involving Siri. The first (tracked as CVE-2024-44139 and CVE-2024-44180) could be used by an attacker with physical access to your iPhone to access contacts directly from your lock screen. The second Siri-related flaw (tracked as CVE-2024-44170) could let an app access sensitive user data on your iPhone if left unpatched.

There are also two Webkit flaws which is the browser engine used by Safari. The first (tracked as CVE-2024-44187) could allow for malicious web content to be processed leading to universal cross site scripting. The second (tracked as CVE-2024-44187) could allow malicious sites to exfiltrate data cross-origin info.

Finally, a Wi-Fi flaw (tracked as CVE-2024-40856) could be used by a hacker to force your iPhone to disconnect from a secure network, opening you up to other attacks.

These are just a few of the security flaws that have now been patched with the release of iOS 18. For more information, check out Apple’s security bulletin linked above.

How to keep your Apple devices safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

The first and most important thing you can do to keep your iPhone and the best MacBooks safe from hackers is to install updates as soon as they become available. While not every update will have cool new features like Apple Intelligence to test out, you don’t want to skip them as Apple frequently releases fixes for security flaws like the ones described above.

If you wait to install updates and patches, you’re putting yourself and your data at risk as hackers love to target people running outdated software. It may be annoying having to update your iPhone, iPad and Mac this often but you’ll be glad you did the next time you read about dangerous Mac malware or other threats targeting Apple users.

While there isn’t an iOS equivalent of the best Android antivirus apps due to Apple’s own malware scanning restrictions on mobile devices, one of the best Mac antivirus software solutions does have a workaround for this. When an iPhone or even one of the best iPads is plugged into a Mac via USB cable, both Intego Mac Internet Security X9 and Intego Mac Premium Bundle X9 can scan them for malware.

Although Macs used to be much safer from malware and other threats, hackers have taken notice as they’ve grown in popularity since the release of the first iPhone and they've begun to focus more resources on targeting them. 

Spyware, malware and other attacks designed to target Apple devices are also quite profitable for cybercriminals. Fortunately, Apple continues to release timely updates to deal with all manner of cyberthreats. However, it’s up to you to install these updates sooner rather than later to stay safe from the latest attacks.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.