Millions of iPhone users have been urged to update their devices to iOS 18 as soon as possible to fix a bug that allows hackers to steal their data.
The vulnerability affects the Transparency, Consent and Control (TCC) subsystem in iOS, which is responsible for notifying users when an app tries to access sensitive data such as photos, GPS location, contacts and more.
But the bug causes this notification system to fail, potentially allowing third parties to steal ‘extensive’ amounts of iCloud data through your apps.
This type of vulnerability is known as a ‘TCC bypass.’
‘Alarmingly, this exploitation occurs without leaving any trace of the data accessed, posing a threat to user privacy and overall data security,’ cybersecurity experts stated.
The bug was discovered by the cybersecurity firm Jamf Threat Labs, which found that it affects both iPhones and Macs.
Jamf experts reported their findings to Apple, and the tech company patched the issue in iOS 18 and macOS 15 – the latest versions of the iPhone and Mac operating systems.
Jamf’s warning comes as Apple prepares to launch iOS 18.2 – the latest update to their operating system.
Millions of iPhone users have been urged to update their devices as soon as possible to fix a bug that allows hackers to steal their data
The first version of iOS 18 launched on September 16 to dozens of devices.
The update is available to all iPhones 11 through 15, as well as the XR, XS, XS Max and second and third generation iPhone SEs.
To update your device open the Settings app and tap ‘General,’ then tap ‘Software Update.’
If iOS 18 is available, you will see it appear on the screen with an ‘Install Now’ button at the bottom. If you would prefer to update your phone overnight, you can tap ‘Install Tonight.’
Once the download is complete, your iPhone will run iOS 18.
Typically, when an app tries to access information stored in another app, TCC will issue a push notification that asks the iPhone user to authorize that access.
But this bug stops TCC from issuing that notification, and grants access without the iPhone user’s knowledge or consent.
In addition to photos, GPS location and contacts, this means that apps can gain unauthorized access to files and folders, Health data, the microphone or camera and more.
The iOS 18 software update should patch the issue and restore your data security
The iOS 18 software update should patch the issue and restore your data security.
But this bug highlights a broader security concern as attackers target data and intellectual property that can be accessed from multiple locations, Jamf experts stated in a blog post.
This allows hackers to focus on compromising the weakest of the connected systems, they explained.
For example, services like iCloud – which allow data to sync across devices – enable attackers to access sensitive information through a variety of entry points, gathering valuable intellectual property and data, according to Jamf.
This bug fix is an important change included in the iOS 18 software, but that’s not all that Apple has packed into this massive update.
The latest version of this operating system – iOS 18.2 – will deliver the second wave of Apple Intelligence features, which are new tools and applications powered by artificial intelligence.
iOS 18.2 will introduce Chat GPT integration, Siri upgrades, Genmoji, Image Playground and more.
The exact date and timing of the update release is still unknown. Previously, experts predicted it could drop on Monday, but iPhone users are still waiting for it to drop.
Apple tends to roll out updates on Mondays, so December 16 is another strong potential release date.
In addition to the new features, repairing vulnerabilities to protect your sensitive data is a very good reason to make sure your device is running the latest operating system.
But many iPhone users who already installed iOS 18 have complained of ‘convoluted’ changes to key apps and ‘annoying’ glitches.
The biggest gripe revolves around the redesigned Photos app, which ‘Makes it easier to find and relive special moments,’ Apple claimed. ‘The beautiful, simplified layout puts the library into a unified yet familiar view.’
But many users disagree, saying that the app’s new interface is difficult to navigate and overwhelming to use.
‘Every time apple makes a major change to iOS we all immediately hate then slowly come around to realizing it’s better, but I just don’t see it for the photos app,’ an X user wrote.
‘Updated to iOS 18 last night and all of a sudden the photos app is ugly and convoluted,’ one user posted on X.
Meanwhile, iPhone users have also found that installing iOS 18 significantly depleted their battery life and introduced glitches that cause apps to crash, or make it difficult to open and sign into them.
It’s up to users to decide whether the new features and bug fixes included in iOS 18 are worth these risks. But data security experts are urging the public to take this TCC bypass seriously and update devices.