iOS 18.1.1—Update Now Warning Issued To All iPhone Users

Apple has issued iOS 18.1.1, an emergency iPhone update that you should apply now. That’s because iOS 18.1.1 fixes two serious security vulnerabilities, both of which are already being used in real-life attacks.

Apple doesn’t give much information about what’s fixed in iOS 18.1.1, to give people as much time to update as possible before more attackers get hold of the details. But the iPhone maker does say the iOS 18.1.1 update “provides important security fixes and is recommended for all users.”

Tracked as CVE-2024-44308, the first issue patched in iOS 18.1.1 is a flaw in the JavaScriptCore framework that could result in code execution if the user interacts with maliciously crafted web content. “Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems,” the iPhone maker said on its support page.

The second issue patched in iOS 18.1.1, tracked as CVE-2024-44309, is a flaw in WebKit, the engine that underpins Apple’s Safari browser. If exploited, a user could fall victim to a cross-site scripting attack, which sees an attacker inject malicious code into a trusted website or application.

Again, Apple said it is aware of a report that this issue “may have been actively exploited on Intel-based Mac systems.”

Alongside iOS 18.1.1, Apple has also released iOS 17.7.2, for people with older devices or who do not want to upgrade to iOS 18 yet, fixing the same two vulnerabilities.

Apple has also released macOS Sequoia 15.1.1 and visionOS 2.1.1 to fix the already-exploited flaws.

Why You Should Update To iOS 18.1.1 Now

While there are only two vulnerabilities fixed in iOS 18.1.1, they are “significant,” says Sean Wright, head of application security at Featurespace. “The JavaScriptCore vulnerability could allow attackers to remotely target victims to execute code on their devices,” he says. “This code would hopefully be limited to existing sandbox protections, but it could allow attackers to do things such as redirect users to malicious sites and potentially steal session tokens.”

ForbesiOS 18.1—Apple Secretly Added A Cool New iPhone Security FeatureBy Kate O’Flaherty

The other vulnerability in WebKit could have a similar impact to the JavaScriptCore vulnerability, says Wright. Due to the way Apple enforces browsers on its ecosystem, this will likely affect all browsers across the tech giant’s ecosystem including iPhones, iPads and Macs, he says.

Given that the two vulnerabilities patched in iOS 18.1.1 are being used in attacks, Wright advises “updating as soon as you can.”

Also, be extra vigilant about the sites you browse and any links that you click on, he says.

Apple’s iOS 18.1.1 is available for the Phone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later and iPad mini 5th generation and later.

Make no mistake, the flaws patched in iOS 18.1.1 and iOS 17.7. 2 are serious, hence Apple’s need to issue this as an emergency, security-only iPhone update. You know what to do, go to your Settings > General > Software Update and download and install iOS 18.1.1 or 17.7.2 now.