Earlier this week, Apple released iOS 18.2, which includes several interesting features such as the integration with ChatGPT, Image Playground for generating images, and much more. In addition to these features, this update introduces several notable security/privacy features and vulnerability fixes that enhance the security of your iPhone and iPad. Here’s a breakdown of what’s new.
Key Security and Privacy Features in iOS 18.2
Improved “Find My” Sharing
Users can share the location of their “Find My” items, like AirTags, with trusted contacts or organizations like airlines using a link. If you lose your item that has an AirTag on it, you can generate a link in the Find My app by selecting “Share Item Location” and sharing it with friends or authorities to help you find it.
The good thing about this feature is that recipients of the link can access the location of the item even if they don’t have an Apple device. The shared link has a “Show Contact Info” option that displays the owner’s contact details on a web page. This allows anyone who finds the item to easily contact the owner. Please note that the shared link expires after a week or when the item is found.
Safari HTTPS Priority
With this update, Safari prioritizes secure connections by automatically upgrading URLs from HTTP to HTTPS wherever possible. This helps protect users from exposing their private information when browsing the web. By enforcing HTTPS whenever possible, you can now browse with greater confidence, knowing that your communications are encrypted and more resistant to tampering.
Security and Privacy Vulnerability Fixes
Apple also fixed several security and privacy vulnerabilities in iOS. Some of the notable fixes include:
- AppleMobileFileIntegrity: This component ensures the integrity of iOS applications by restricting unauthorized modifications. Multiple vulnerabilities were identified where malicious applications could bypass restrictions and access sensitive data. Apple patched all these vulnerabilities to reinforce data protection.
- Crash Reporter: The Crash Reporter tool collects diagnostic logs to help developers debug apps. The previous iOS version had a permissions flaw that allowed apps to access sensitive user data without proper authorization. Apple fixed this issue, so apps now adhere to strict permission protocols before accessing logs.
- Memory Corruption: Flaws in memory handling could allow attackers to corrupt system memory, potentially causing app crashes or unexpected system terminations. Apple also fixed this issue with more robust memory management and validation methods to prevent such exploits.
- WebKit: There were vulnerabilities in WebKit (the browser engine powering Safari) that allowed maliciously crafted web pages to cause memory corruption or app crashes. Apple enhanced memory handling and implemented stricter checks to mitigate these risks.
- ImageIO and FontParser: Both components handle image and font processing. Exploits targeting these could disclose process memory, which could then be used to extract sensitive data or facilitate further attacks. Apple fixed these issues to prevent any unintended memory leaks when processing malicious files.
- Libxpc Vulnerability: Vulnerabilities in this inter-process communication library allowed some apps to bypass sandbox restrictions or gain elevated privileges. Apple added logic checks to ensure applications cannot exploit these flaws, protecting users from privilege escalation attacks that could compromise device security.
- Safari and Private Relay: An issue with Safari revealed users’ originating IP addresses when adding websites to the Reading List even when Private Relay is enabled, a feature designed to anonymize IPs. Apple resolved this, ensuring better privacy for users who rely on Private Relay.
- VoiceOver Lock Screen Protection: Attackers with physical access to a locked device could potentially view notification content using VoiceOver. This flaw was patched to ensure that notifications remain secure and hidden on locked screens.
Key Takeaway
When a new iOS update is released, most people focus on the visible features. However, performance improvements and security enhancements are also essential. If you are using iOS 18.1 or an earlier version, it’s important to update to 18.2 to benefit from the latest security features and vulnerability fixes.