Millions of iPhone users have been urged to update their devices to iOS 18 as soon as possible to fix a bug that allows hackers to steal their data.
The vulnerability affects the Transparency, Consent, and Control (TCC) subsystem in iOS, which is responsible for notifying users when an app tries to access sensitive data such as photos, GPS location, contacts, and more.
But the bug causes this notification system to fail, potentially allowing third parties to steal “extensive” amounts of iCloud data through their apps.
This type of vulnerability is known as “TCC bypass.”
“It is alarming that this exploitation occurs without leaving any trace of the data accessed, which poses a threat to user privacy and general data security,” said cybersecurity experts.
The bug was discovered by cybersecurity company Jamf Threat Labs, which found that it affects both iPhone and Mac.
Jamf experts reported their findings to Apple, and the technology company fixed the issue in iOS 18 and macOS 15, the latest versions of the iPhone and Mac operating systems.
Jamf’s warning comes as Apple prepares to release iOS 18.2, the latest update to its operating system.
Millions of iPhone users have been urged to update their devices as soon as possible to fix a bug that allows hackers to steal their data.
The first version of iOS 18 was released on September 16 on dozens of devices.
The update is available for all iPhones 11 to 15, as well as the second and third generation XR, XS, XS Max, and iPhone SE.
To update your device, open the Settings app and tap “General,” then tap “Software Update.”
If iOS 18 is available, you’ll see it appear on the screen with an “Install Now” button at the bottom. If you prefer to update your phone overnight, you can tap “Install tonight.”
Once the download is complete, your iPhone will be running iOS 18.
Typically, when an app attempts to access information stored in another app, TCC will issue a push notification asking the iPhone user to authorize that access.
But this error prevents TCC from issuing that notification and grants access without the knowledge or consent of the iPhone user.
In addition to photos, GPS location, and contacts, this means apps can gain unauthorized access to files and folders, health data, your microphone or camera, and more.
Updating the iOS 18 software should fix the issue and restore your data security
Updating the iOS 18 software should fix the issue and restore the security of your data.
But this bug highlights a broader security concern, as attackers target data and intellectual property that can be accessed from multiple locations, Jamf experts said in a blog post.
This allows hackers to focus on compromising weaker connected systems, they explained.
For example, services like iCloud, which allow data to be synchronized between devices, allow attackers to access sensitive information through a variety of entry points, collecting valuable data and intellectual property, according to Jamf.
This bug fix is a major change included in the iOS 18 software, but that’s not all Apple has included in this massive update.
The latest version of this operating system, iOS 18.2, will offer the second wave of Apple Intelligence features, which are new tools and applications powered by artificial intelligence.
iOS 18.2 will introduce GPT Chat integration, updates to Siri, Genmoji, Image Playground, and more.
The exact date and time of the update’s release are still unknown. Previously, experts predicted that it could drop on Monday, but iPhone users are still waiting for it to drop.
Apple tends to roll out updates on Mondays, so December 16 is another important potential release date.
In addition to new features, patching vulnerabilities to protect your sensitive data is a very good reason to make sure your device is running the latest operating system.
But many iPhone users who have already installed iOS 18 have complained about “complicated” changes to key apps and “annoying” crashes.
The biggest complaint revolves around the redesigned Photos app, which “makes it easier to find and relive special moments,” Apple said. “The beautiful, simplified design gives the library a unified yet familiar view.”
But many users disagree, saying the app’s new interface is difficult to navigate and overwhelming to use.
“Every time Apple makes a major change to iOS, we all immediately hate it and slowly realize it’s better, but I don’t see it in the Photos app,” wrote one X user.
“Updated to iOS 18 last night and suddenly the Photos app is ugly and complicated,” one user posted on X.
Meanwhile, iPhone users also found that installing iOS 18 significantly drained battery life and introduced bugs that caused apps to crash or made them difficult to open and log in to.
It’s up to users to decide whether the new features and bug fixes included in iOS 18 are worth these risks. But data security experts urge the public to take this TCC omission seriously and update devices.