Apple has issued iOS 17.0.2 for all iPhones. It comes just days after the launch of the major iPhone update iOS 17 and subsequent release of iOS 17.0.1 to fix three security flaws already being used in real-life attacks. Apple has also issued the iOS 16.7 upgrade, fixing the same three security flaws.
Apple initially released iOS 17.0.2 for iPhone 15 users to fix a set up transfer bug, but as of September 26, the upgrade is now available for all iPhones that can run the software. The iOS 17.0.2 update includes the iOS 17.0.1 security fixes.
You now have two options—iOS 17.0.2 or iOS 16.7—and you need to update to one of them. Which iPhone upgrade should you choose?
The Case For iOS 17.0.2
The iOS 17 software upgrade has been a long time coming, and it includes some very cool new iPhone features that enhance your security and privacy—although be warned, you need to check your settings after updating.
Days after the launch of iOS 17, iOS 17.0.1 arrived, fixing three major iPhone security issues already being used in attacks. The bugs fixed in iOS 17.0.1 were reported to Apple by security outfit Citizen Lab, which warned that attackers used the iPhone flaws to plant spyware.
The first flaw fixed in iOS 17.0.1 is a privilege escalation issue in the Kernel at the heart of the iPhone operating system tracked as CVE-2023-41992.
The second issue patched in iOS 17.0.1 is a flaw in Security that could allow a malicious app to bypass signature validation.
The final iPhone vulnerability fixed in iOS 17.0.1 is a flaw in WebKit, the engine that underpins Apple’s Safari browser, that could allow an attacker to execute code.
All three issues may have been actively exploited against versions of iOS before iOS 16.7, the iPhone maker said on its support page. That means you are at risk even if you are running the last version of iOS 16, iOS 16.6.1.
If you have already upgraded to iOS 17, you need to download iOS 17.0.2 as soon as possible to fix these security issues. Check for the update in your Settings > General > Software Update now.
For those of you on iOS 16.6.1, there are several advantages of going straight to iOS 17.0.2—especially if you want enhanced security.
One of the benefits of upgrading to iOS 17.0.2 rather than iOS 16.7 is enhanced Lockdown Mode. If you are an at-risk iPhone user—such as a journalist or political figure, it’s worth updating to iOS 17.0.2, because Apple has confirmed this feature would have prevented the spyware attacks it just fixed.
“We believe and Apple’s Security Engineering & Architecture Team confirms, Lockdown Mode would have blocked this attack,” Citizen Lab senior researcher John Scott-Railton said on Twitter. We *strongly* encourage all Apple users that may be at risk because of who they are or what they do to enable Lockdown Mode.”
The Case For iOS 16.7
I get it—many people don’t want to upgrade to iOS 17.0.2 immediately, because they want to wait for any early bugs to be ironed out. At this early stage, it’s understandable you’d want to choose iOS 16.7 instead.
The iOS 16.7 update fixes over a dozen security vulnerabilities, including the three already exploited flaws also fixed in iOS 17.0.2. Three of the issues patched in iOS 16.7 are in the Kernel.
If you’d rather update to iOS 16.7 and wait a few weeks for iOS 17 bug fixes, you will still be pretty secure. The only important consideration is whether you’d be a target for attacks and could therefore benefit from enhanced protection through improved Lockdown Mode.
Apple iOS 16.7 Vs iOS 17.0.2—Which Update Should You Choose?
It’s decision time, so what should iPhone users do? Time is of the essence. As security researcher Sean Wright points out, three iPhone vulnerabilities are being actively exploited by adversaries, so you should update as soon you can.
Wright says the three issues can be chained together to allow a remote attacker to “potentially gain privileged access to the device.”
Both updates fix these flaws, so Wright thinks the choice between iOS 16.7 and iOS 17.0.2 is down to individual preference. “Some may want to wait for all the initial issues with iOS 17 to be fixed, which is a perfectly reasonable and safe option. But if you stick with iOS 16, bear in mind that you will eventually have to update to iOS 17 at some point, although it is not clear when support will officially end for it.”
Apple does keep its previous iOS updated for the few months following the launch of a new software, so for now, the choice is yours. I’ve upgraded to iOS 17.0.2 because I am keen to try out the new features, but if you want to leave it a couple of weeks, iOS 16.7 is a valid option.
So what are you waiting for? Go to your Settings > General > Software Update and upgrade to either iOS 17.0.2 or iOS 16.7 as soon as you can.
Read the full article here